Widespread Drupal Arbitrary Code Execution

Date of Detection:



Attack Pattern:

  • URI:



  • Request Body:




Target System:

Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code.



This issue is not a zero-day vulnerability and assigned as CVE-2018-7600. However, attackers are scanning and attacking a large portion of worldwide honeypots of CloudCoffer. That means if any system is not updated, it is in a dangerous situation.

Please note that the payload carried from the request bodies are different from requests to requests.