This vulnerability discovered Drupal security team two weeks ago, a highly critical (25/25 NIST rank), (SA-CORE-2018-002 / CVE-2018-7600) nicknamed Drupalgeddon 2. This vulnerability allowed an unauthenticated attacker to perform remote code execution.
An exploitation method was published a few days ago for this vulnerability which allows attacker in the server execute any code with user permission.
The vulnerability is very easy to exploit, all the attacker needs to do is send a request with payload to:
--56f4611e-B-- POST /user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax HTTP/1.1
If you have not already, update as soon as possible your drupal installation!
Websites that using Malware Expert – ModSecurity rules are protected against this attack.