On February 20th, Drupal released a security update that fixes a critical remote code execution vulnerability. Detectify scans your site for this vulnerability and will alert you if you are running a vulnerable version of Drupal.
What can happen if I’m vulnerable?
The issue (CVE-2019-6340) is a remote code execution vulnerability that allows attackers to take over a Drupal site, accessing all non-public data as well as being able to modify or delete it. The vulnerability can be exploited by simply sending one request to the server, which is why it has been assigned a high severity score.
Who is affected by this vulnerability?
Sites that have the Drupal 8 core RESTful Web Services (rest) module enabled.
What should I do if I see this finding in my Detectify report?
Immediately upgrade to the most recent version of Drupal core. If you are running 8.6.x, the latest release is 8.6.10, and if you are running 8.5.x or earlier, you should upgrade to 8.5.11.
The Drupal security team has confirmed that exploits for this vulnerability have been developed and that evidence of automated attack has emerged during the weekend. This is why we recommend you to inspect your logs for signs of malicious activity.
How does Detectify check for this?
Shortly after the announcement from Drupal, Detectify received a working proof of concept through from one of our Detectify Crowdsource white hat hackers. This means that we can check for the actual vulnerability rather than doing a version check, leading to a more accurate result.
More information
Drupal Public Service Announcement
Drupal Security Advisory
Detectify is a continuous web scanner monitor service that can be set up for automated scanning for 1000+ known vulnerabilities including the OWASP Top 10 and Drupal vulnerabilities. Start your free 14-day trial today and check for the latest vulnerabilities!