Skip to main content

Critical Remote Code Execution Vulnerabilities Patched by Drupal

posted onOctober 19, 2018
by l33tdawg
Softpedia
Credit: Softpedia

Unpatched versions of the Drupal open source content management system (CMS) are vulnerable to remote exploitation which could lead to remote code execution.

Given enough privileges associated with the user that the Drupal installation runs under, this could allow bad actors to create new accounts with full users rights, as well as view, change, delete data on the compromised target.

Therefore, compromised servers where Drupal is launched using a user with limited rights will be a lot less impacted than those where Drupal runs under an administrator account. The remote code execution vulnerability exists within the default Drupal mail system because of improper sanitization for shell arguments, which could result in a website being fully compromised.

Source

Tags

Security

You May Also Like

Recent News

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th