Intrusion Prevention

Drupal.Coder.Upgrade.Run.Code.Execution

Description

This indicates an attack attempt to exploit a remote Code Execution vulnerability in the third-party Coder module for Drupal content
management system (CMS).
The vulnerability is due to improper user input validation in the application. A remote attacker can exploit this to execute arbitrary code in the security context of the target process via a crafted HTTP request.

Affected Products

Drupal Coder 7.x-1.x prior to 7.x-1.3
Drupal Coder 7.x-2.x prior to 7.x-2.6

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the latest update from the vendor.
https://www.drupal.org/node/2765575

Other References

2765575