Drupal CMS Module Vulnerabilities Lead to Remote Code Execution


A few weeks ago, Drupal released an advisory stating that three of its third-party modules had been found to be vulnerable, and advised users to update to the latest releases. These modules are the RESTWS, Coder, and Webform Multiple File Upload modules. Two of the vulnerabilities have been publicly disclosed, and the Dell SonicWALL research team has analyzed the exploitation details.

The first is the RESTWS Module Code Execution Vulnerability. The RESTWS module is used to create REST application programming interfaces (APIs). The vulnerability in this module allows a remote attacker to execute commands on the vulnerable web server.

The second is the Coder Module coder_upgrade.run.php Code Execution Vulnerability. The Coder module allows administrators and developers to check their code against various coding standards and best practices. This module also contains a remote code execution vulnerability.

The Dell SonicWALL team has written the following signatures that help protect our customers from these attacks:

  • IPS 11747: Drupal RESTWS Module Code Execution
  • IPS 11770: Drupal RESTWS Module Code Execution 2
  • IPS 11771: Drupal Coder Module Code Execution
  • WAF 1639: Drupal RESTWS Module Page Callback Remote Code Execution
  • WAF 1640: Drupal Coder Module Remote Code Execution