A new vulnerability was discovered when examining a previously discovered vulnerability RCE, called Drupalgeddon2 (CVE-2018-7600), which was fixed on March 28.
According to the new report, the new code removal vulnerability (CVE-2018-7602) can also allow attackers to completely take over vulnerable Web sites.
Since the previously discovered drawback attracted a lot of attention and prompted the attackers to navigate the sites working on Drupal, experts strongly recommend setting new patches:
If you are using 7.x, go to Drupal 7.59.
If you are using 8.5.x, update Drupal 8.5.3.
If you are using 8.4.x, which is no longer supported, you must first upgrade your site to version 8.4.8, and then install the latest version 8.5.3 as soon as possible.
It should also be noted that the new fixes will only work if your site has already applied the fixes for the Drupalgeddon2 defect.