Future Hosting Urges Drupal Users To Patch RCE Vulnerability

SOUTHFIELD, Mich., Feb. 28, 2019 /PRNewswire-PRWeb/ -- Future Hosting, a managed VPS and dedicated server hosting provider, has urged server hosting clients to update Drupal sites to mitigate the impact of a critical remote code execution vulnerability. The vulnerability was discovered and patched earlier in February, but many Drupal sites have not been updated and remain at risk.

The vulnerability affects Drupal 8.6 and 8.7, as well as some contributed modules of Drupal 7. To remove the risk of remote code injection, Drupal installations should be updated to the most recent version -- at least Drupal 8.6.10 or Drupal 8.5.11. The vulnerability can also be mitigated by disabling web services modules.

The vulnerability is caused by a failure to sanitize data from non-form sources. Drupal sites that use Drupal's RESTful Web Services module and other web services modules are vulnerable. Attackers may be able to exploit the security vulnerability to inject and execute arbitrary PHP code on any unpatched Drupal installation.

"Future Hosting supports thousands of servers running a wide range of content management systems. We are concerned that that, as with previous Drupal vulnerabilities, Drupal users are not aware of the vulnerability or have chosen not to update," said Maulesh Patel, VP of Operations of Future Hosting. "Details of the vulnerability are in the public domain, and any malicious attacker can use them to compromise unpatched Drupal servers."

The ability to run malicious code on unprotected Drupal sites puts businesses and their customers at risk. Remote code execution vulnerabilities may be used to take over a site, to steal sensitive data, and to gain access to other services running on the same server.

Drupal is the third most popular content management system in the world. There are tens of millions of Drupal sites, often supporting websites and intranets for large businesses. An unpatched vulnerability in Drupal could allow attackers to compromise a vast swathe of the web using automated bots. Drupal users should update to a non-vulnerable version as soon as possible.

About Future Hosting, LLC

Founded in 2001, Future Hosting is a privately held leading Internet solutions provider specializing in managed hosting, including Dedicated Servers, Virtual Private Servers, and Hybrid Virtual Private Servers. The company has built a strong reputation for its high-quality service, innovative pricing models, and 3-hour Service Level Agreement. Future Hosting is based in Southfield, Michigan. For more information, visit http://www.futurehosting.com

SOURCE Future Hosting