Threat actors have already started exploiting the recently patched Drupal RCE flaw (CVE-2019-6340) to deliver cryptocurrency miners.
Earlier this week Drupal patched a critical remote code execution flaw (CVE-2019-6340) in Drupal Core which could allow attackers to execute arbitrary PHP code.
“Some field types do not properly sanitize data from non-form sources which can lead to arbitrary PHP code execution in some cases,” reads the security advisory published by Drupal.
Just two days after the patches were released, proof-of-concept (PoC) exploit code for the vulnerability was made publicly available.
Now security researchers at Imperva have discovered a series of attacks exploiting the CVE-2019-6340 flaw just after the exploit code was published. The attacks started three days after Drupal patched the vulnerability.
The attacks originated from several attackers and countries and targeted vulnerable Drupal websites, including sites in the government and financial sectors.
“Imperva research teams constantly analyze attack traffic from the wild that passes between clients and websites protected by our services. We’ve found dozens of attack attempts aimed at dozens of websites that belong to our customers using this exploit, including sites in government and the financial services industry.”
The attacker also tried to install a shell uploader to upload arbitrary files to the targeted website.
All admins and users are advised to immediately update their Drupal websites.