A critical PHPMailer bug tied to the way websites handle email and feedback forms is leaving millions of websites hosted on popular web-publishing platforms such as WordPress, Drupal and Joomla open to attack.
Drupal fixed a handful of issues in versions 7 and 8 of the content management system core engine that could have led to cache poisoning, social engineering attacks, and a denial of service condition.
Three vulnerabilities were patched Wednesday in the Drupal content management system’s core engine, two of which were rated critical.
Just yesterday, I wrote a warning article announcing that Drupal – the popular open source content management system – will release patches for several highly critical Remote Code Execution (RCE) bugs that could allow attackers to fully take over any affected site.
Below are the three separate Drupal modules that affect up to 10,000 websites:
1. RESTful Web Services – a popular module used
Developers with the open source content management framework Drupal patched a series of highly critical remote code execution bugs in three separate modules today. If exploited, the bugs could let an attacker take over any site running the modules.
The extraordinary ‘Panama Papers leak’ from law firm Mossack Fonseca that exposed the tax-avoiding efforts by the world’s richest and most influential members was initially believed to be the result of an unpatched vulnerability in the popular open source Drupal content management system.
Now, we are quite sure that the Panama Papers, which implicated 72 current and former heads of state, was
Drupal addressed 10 vulnerabilities in the CMS this week, including a critical access bypass issue and another issue that could lead to remote code execution.
A number of issues exist in the content management system Drupal that could lead to code execution and the theft of database credentials via a man-in-the-middle attack, a researcher warns.
A pair of modules included in the Drupal content management system have been updated to fix access bypass vulnerabilities that could allow an attacker to take actions on behalf of some users. One of the modules fixed is the Twitter module, which allows users to take a variety of actions, including pulling in public […]
There are several critical vulnerabilities in a middleware layer used in Drupal, including both cross-site scripting and cross-site request forgery bugs, that can be exploited remotely. The vulnerabilities are in the Open Semantic Framework, which is a third-party project and not part of the Drupal Core. The framework is used to allow “structured data (RDF) […]