Durpal security team have just patched the critical Access Bypass vulnerability on Durpal core, that give attacker full control over your site. This Access Bypass Bug which is dubbed as CVE-2017-6919 is been affected to Durpal 8.x not to the earlier version.
A site is only affected by this if all of the following conditions are met:
- The site has the RESTful Web Services (rest) module enabled.
- The site allows PATCH requests.
- An attacker can get or register a user account on the site.
As severity of the bug is high and critical, durpal team have also release a patch for it's earlier version 8.2.x.
If you are using Durpal 8.2.X then you can update your Durpal CMS to version 8.2.8, or if you are using version 8.3.0 then update it to version 8.3.1.
So guys patch your site before it got hacked.