Several weeks after responsible hosters patched their installations for Drupalgeddon 2, there are still many unpatched installations out there. The vulnerabilities were originally disclosed in late March. After Check Point published their piece on uncovering Drupalgeddon 2, exploiters became active on the issue.
tl;dr: The Cambridge Analytica site is using a version of Drupal that has an easy XSS exploit using vulnerability SA-CORE-2018-001.
Drupal is a content management system often used for enterprise content management projects. The tool is large and has integrated features such as a database entity system, which leaves it open to lots of attack vectors because of the large API surface. Without a central authority like Acquia handling security updates, things can be difficult to patch and there will be vulnerable installs, as was the case with Drupalgeddon in 2014.
The annual Stack Overflow Developer Survey Results are in for 2018. The world's leading developer platform draws together unique insight on the technology landscape from over 100,000 developers. The trends are continually changing in the technology world.
Earlier this year the Drupal community was shaken when the Project Leader Dries Buytaert decided to expel the lead developer Larry Garfield from the project, based on accusations of somewhat weird BDSM play. Backstory: BDSM sex rocks Drupal world: Top dev banished for sci-fi hanky-panky
Drupal has been big on diversity and inclusion, priding itself on being one of the biggest, friendliest open source communities around. As such, it has been a prime hotspot for activists to push feminist-flavored social justice rhetoric. They adopted a code of conduct, established a Community Working Group, and basically bent over backwards to satisfy the demands of those who see the open source world as a problematic place where meritocracy is used to justify gatekeeping and elitism.
Over the last few weeks the Drupal community has been in turmoil over the news that Drupal 8 lead developer Larry Garfield AKA Crell has been forced to leave the project:
A few weeks ago, I privately asked Larry Garfield, a prominent Drupal contributor, to leave the Drupal project. I did this because it came to my attention that he holds views that are in opposition with the values of the Drupal project.