Third critical Drupal vulnerability discovered!!!
Those who are running a Drupal website couldn’t have a rest over the past few weeks. This is the third time when Drupal recommends to update these sites. During exploring the previous remote code execution (RCE) vulnerability, the CVE-2018-7600, the team discovered a new RCE vulnerability (CVE-2018-7602).
If you or your customers have Drupal websites and would like to avoid backdoors, cryptocurrency miners and other malwares, BitNinja is here to help you! Just make sure your WAF rule
#402003 is enabled on the Dashboard and you don't have to worry about the Drupalgeddon3 anymore.
According to Drupal security advisories and based on our own database, this vulnerability is being exploited in the wild, so if you haven't enabled BitNinja WAF yet, it is highly recommended to do so if you have any Drupal-based website hosted on your server.
Take care of your servers' security now!