A highly critical vulnerability (dubbed Drupalgeddon2), tracked as CVE-2018-7600, was affecting Drupal 7 and 8 core and announced the availability of security updates on March 28th. The vulnerability was discovered by the Drupal developers Jasper Mattsson. After the release of the security update, a proof-of-concept (PoC) exploit was publicly disclosed. Experts have no doubts, hackers will start exploiting the flaw to hack vulnerable websites in the wild.”]
Source: https://securityaffairs.co/wordpress/71370/hacking/drupalgeddon2-drupal-flaws.html