Cyber Newshackers news

Over 115,070 Drupal Sites Still Vulnerable to Drupalgeddon 2

Two months after the release of the security updates for the Drupalgeddon 2 Sites Vulnerable

Over 115,070 Drupal Sites Still Vulnerable to Drupalgeddon 2

Over 115,000 Drupal Sites Still Vulnerable to Drupalgeddon 2:

In March 2018, the Drupal developers Jasper Mattsson discovered a “highly critical” vulnerability, followed as CVE-2018-7600, aka drupalgeddon2, affecting Drupal 7 and 8 versions. Two months ago the Drupal project released a patch for a highly critical security flaw, there are over 115,000 Drupal sites that have failed to install the difficulty and are now at the tolerance of cyber-criminals.

The Cyber Security experts investigating the Internet for that website uses  Drupal; 7.x CMS version detected over 500,000 sites, 115,070 of them running outmoded versions of the popular CMS that were unsafe to  the Drupalgeddon 2 flaw. The scan didn’t search for 6.x and 8.x sites.

  • 115,070 sites were outdated and vulnerable.
  • 134,447 sites were not vulnerable.
  • 225,056 sites I could not ascertain the version used.”

The expert shared the list of vulnerable websites with US-CERT and other CERT teams worldwide.

Mursch confirmed that cryptojacking campaigns are continuing even after his first report,

 Drupal cryptojacking campaign discovered 

Expert when scanning vulnerability site, Then Discover new cryptojacking campaign targeting in Drupal sites. Drupalgeddon 2 vulnerability only 14 days after patches came out because of that most hackers didn’t know how to attack the flaw.

The researcher published a Google Docs spreadsheet at the start of May to track the original campaign, the spreadsheet includes data on various different campaigns and thousands more compromised Drupal sites




With 115,000 of Drupal 7.x sites still without the Drupalgeddon 2 patch, these campaigns produce shots of cannon fodder at their disposal. The flaw has been used to affect servers with backdoors, coin-miners, crypto-jackers, and IoT botnet malware.

CVE-2018-7600 | Drupal < 7.58 / 8.x < 8.3.9 / 8.4.x < 8.4.6 / 8.5.x < 8.5.1 – ‘Drupalgeddon2’ RCE (SA-CORE-2018-002)

Drupalggedon2 ~ (


  • Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 ~ user/register URL, attacking account/mail & #post_render parameter, using PHP’s passthru function
  • Drupal < 7.58 ~ user/password URL, attacking triggering_element_name form & #post_render parameter, using PHP’s passthru function
  • Direct commands or Write a PHP shell to the web root (./) or sub-directories (./sites/default/ & ./sites/default/files/)
  • Windows & Linux support


Speaker, Founder, and CEO — Global hack News | Latest Hacking News, IT Security News, and Cyber Security

Leave a Reply