wp-crawl.php

Malware details

WordPress Duplicator version below <1.2.42 have Remote Code Execution (RCE) vulnerability, which allow modify wp-config.php file and inject malicious PHP code in there. Vulnerable code in this case isn’t present within the Duplicator plugin directory itself. The flaw becomes exposed when using Duplicator to migrate or restore a backed-up copy of a WordPress site. Reminder … Read more

Modx Revolution <=2.6.4 (Remote Code Execution)

Security

Description Last week published two critical vulnerabilities affecting MODX Revolution <=2.6.4 which include remote script execution and file/directory removal. Hackers thereby able to compromise the website or spoil or delete files or directories. In the MODX Revolution Version <= 2.6.4, filtering users have an incorrect access control capability in the parameters, which becomes the phpthumb class that causes the … Read more

Drupal – Remote Code Execution (SA-CORE-2018-004 / CVE-2018-7602) nicknamed Drupalgeddon 3

This vulnerability discovered Drupal security team one weeks ago, a highly critical (20/25 NIST rank), (SA-CORE-2018-004 / CVE-2018-7602) nicknamed Drupalgeddon 3. This vulnerability continues Drupalgeddon 2 and allow an unauthenticated attacker to perform remote code execution. An exploitation method was published a few days ago for this vulnerability which allows attacker in the server execute … Read more

Drupal – Remote Code Execution (SA-CORE-2018-002 / CVE-2018-7600) nicknamed Drupalgeddon 2

Security

This vulnerability discovered Drupal security team two weeks ago, a highly critical (25/25 NIST rank), (SA-CORE-2018-002 / CVE-2018-7600) nicknamed Drupalgeddon 2. This vulnerability allowed an unauthenticated attacker to perform remote code execution. An exploitation method was published a few days ago for this vulnerability which allows attacker in the server execute any code with user … Read more