Drupal has patched several vulnerabilities in versions 6 and 7 of the content-management system, including a critical bug that enables an attacker to hijack administrators’ accounts and take arbitrary actions on target sites. That vulnerability lies in the OpenID module in Drupal that enables users to authenticate themselves using the OpenID protocol. The protocol is based […]
Tag Archives: Drupal
Assume ‘Every Drupal 7 Site Was Compromised’ Unless Patched By Oct. 15
The maintainers of the Drupal content management system are warning users that any site owners who haven’t patched a critical vulnerability in Drupal Core disclosed earlier this month should consider their sites to be compromised.
Drupal Patches XSS Vulnerability in Spam Module
Drupal released an update that patches a moderately critical cross-site scripting vulnerability in its Mollom content and spam moderation module.