Although these Drupal vulnerabilities were posted to our script security forum, which we recommend you subscribe to, we wanted to give this situation as much visibility as possible. Over the past month there have been two critical Drupal updates released. Both of these address a remote code execution vulnerability, which is at the very top of the scale as far as severity is concerned. The most recent update was just released yesterday (April 25th) and further details on it can be found here. You need to make sure that your Drupal is updated to either version 7.59 or 8.5.3. Drupal 6 hasn’t been officially supported for more than 2 years and should be updated to at least 7.x.
The first vulnerability has been heavily targeted by bots for over a week now. We do have web application firewall (WAF) rules in place to defend against this but the WAF shouldn’t be considered a long term solution. The best option is always to update your scripts as soon as possible. Failure to do so may result in a complete compromise of the cPanel account in question. We’re still evaluating this latest vulnerability for inclusion in our WAF rules.
If you have any questions or run into any issues please drop us a ticket via our portal.