Five hours after the Drupal team published a security update for the Drupal CMS, hackers have found a way to weaponize the patched vulnerability, and are actively exploiting it in the wild.
The Drupal team released Drupal v7.59, v8.4.8, and v8.5.3 to patch CVE-2018-7602.
Seven hours after the patch, and two hours after the first in-the-wild attacks were reported, a user named Blaklis also published weaponized proof-of-concept code for CVE-2018-7602 on Pastebin.
No comments:
Post a Comment