Drupal has recently patched a critical remote code execution exploit, which we wrote about earlier this month. The second part of that vulnerability, CVE-2018-7602 is now here. Again, this vulnerability may result in Drupal sites to be completely compromised. According to Drupal advisory, both of these vulnerabilities are being exploited in the wild.
However, if you are using Imunify360, you don’t have to worry about it, at least not for now. Earlier this month, we have added a rule CVE-2018-7600 to our database to detect and block suspicious requests. Now, we have pushed a rule CVE-2018-7602 to master and have deployed it to all our customers.
While we always recommend updating the vulnerable software, we are happy to secure your sites until you have a chance to do so.
More information on this vulnerability and updates can be found here: https://www.drupal.org/sa-core-2018-004.