Vulnerability in Drupal CMS used for cryptomining

Share this…

Drupal beside some things is also an open-source content management system (CMS) just like WordPress and is used by over a million websites across the globe. Drupal seems to be a top pick for governments and financial sector.

However, information security experts report suggest that Drupal contained a highly critical vulnerability that allowed remote hackers full control of a website. Users were kept unaware of this flaw until the company released a patch to address the issue.


Now, researchers at Checkpoint have openly disclosed the vulnerability to the public, leaving site admins scratching their heads.

Labeled as Drupalgeddon2, the vulnerability was so serious that it can be used for installation of cryptocurrency miners to mine for Monero cryptocurrency.

Drupal’s information security experts team addressed the issue last month and released the patch, which admins who use Drupal to run websites are advised to install as quickly as possible. Researchers also released a proof-of-concept exploit for the flaw, which demonstrates that attackers can easily gain complete control of a website using the vulnerability.

Researchers haven’t observed hackers wasting time in exploiting any kind of vulnerability until now and in this case too they have been rather quick on exploiting Drupalgeddon2. Attacks have already been initiated and attackers are installing cryptominers. An excerpt from a thread on SANS ISC Infosec forums confirms this as well.

The exploits are being launched at a rapid pace currently. The information security experts and website owners are quite concerned. A tweet from GoDaddy’s VP of Engineering clearly shows this unrest among web owners.


The only possible solution at the moment is to install the patch immediately.

A PSA was also published by Drupal’s team stating that the company was already aware of the attacks that are being launched to compromise Drupal 7 and 8 websites. The vulnerability has been classified as CVE-2018-7600 whereas the security risk score of the issue is increased to 24/25.

If your website remains unpatched, it is at the risk of compromising, information security researchers said. Quite possibly, targeted attacks were already launched before the release of the patch. It is also to be noted that just by updating Drupal, you cannot remove backdoors and also cannot fix already compromised websites.

In fact, if you think that your website is patched while you didn’t patch it yourself then this indicates the site has been compromised. That’s possible because in some previous attacks it was noted that attackers themselves applied the patch to ensure that the site remained in their control.