A highly critical (25/25 NIST rank) vulnerability, nicknamed Drupalgeddon 2, was disclosed by the Drupal security team two weeks ago. This vulnerability allowed an unauthenticated attacker to perform remote code execution on default or common Drupal installations. The vulnerability existed on all Drupal versions from 6 to 8, though has since been patched to those who manually update their site. In this document we will showcase real life attack scenarios around an out-of-the-box installation of Drupals flagship product, Drupal 8.”]
Source: https://research.checkpoint.com/2018/uncovering-drupalgeddon-2/

