Drupal Releases Security Update

Drupal has released a security update a to address a vulnerability in Drupal core. A remote unauthenticated attacker could exploit this vulnerability to execute arbitrary code on an affected system.

Threat ID:: CC-2944
Category:
Threat Severity:: Low
Threat Vector:
Published:: 21 February 2019 12:00 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Drupal has released a security update a to address a vulnerability in Drupal core. A remote unauthenticated attacker could exploit this vulnerability to execute arbitrary code on an affected system.

Affected platforms

The following platforms are known to be affected:

Drupal

Drupal Core - Versions 8.6x prior to 8.6.10 and 8.5.x prior to 8.5.11

Threat details

For further information:

CVE-2019-6340

Update 26 Feb 2019

The vulnerability patched in this update has been observed being exploited in the wild to deliver the cryptocurrency miner CoinIMP. It is being delivered by injecting the tool into affected websites' index.php files. Once inserted, CoinIMP will attempt to harvest the power of machines which visit the infected website to mine for the Monero cryptocurrency.

Remediation steps

Type	Step
	Users and administrators are encouraged to review the Drupal Security Advisory SA-CORE-2019-003 and apply the necessary update.

Last edited: 14 February 2020 2:45 pm