This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects attempts to exploit an arbitrary PHP code injection vulnerability in Drupal Core.
Drupal is a PHP-based content manager.
Drupal is prone to a remote code-execution vulnerability. Specifically, this issue occurs because it fails to properly sanitize data from non-form sources.
Note#1: This issue affects Drupal 8 sites that has RESTful Web Services (rest) module enabled and allows PATCH or POST requests.
Note#2: This issue also affects Drupal 7 sites that use RESTful Web Services or the Services module.
An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts may result in a denial-of-service condition.
- The following products are affected:
- Drupal versions 8.6.x, prior to 8.6.10
- Drupal versions 8.5.x prior 8.5.11