CMS Drupal bug leaves 1 million websites prone to attack

cms bug cybersecurity risk

There’s a cybersecurity risk in CMS Drupal that could leave nearly 1 million websites prone to a cyber attack. CMS Drupal is a free and open source content management framework that is written in PHP. Now, the team that designed Drupal is urging administrators to update their sites to ward off the bug.

Reports claim that the nasty bug could highly compromise these 1 million sites. The affected versions are Drupal 6, 7 and 8 and it has sited that this is a highly critical cybersecurity risk. It warns that nearly anyone visiting the site can easily hack into it.


In a blog post, the Drupal group said, “This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.”

In fact, an alert was sent last week about a “highly critical release” that would be released this weekend and that website admin should update it immediately. This left the developers and administrators on high alert.

The group has identified the bug as CVE-2018-7600. However, users on various social media are calling it drupalgeddon2 in reference to the major release from Drupal way back in 2014. Drupal has warned the websites to update to Drupal 7.58 or Drupal 8.5.1 as soon as possible to avoid any attack.