

'You're updated!' Drupal says, with fingers crossed behind back

posted on January 7, 2016
by l33tdawg

Drupal installations could be out of date and open to attack thanks to a borked update process that flags unpatched platforms as current.

The popular content management system is used by more than a million sites, making it a significant target for hackers.

IOActive research man Fernando Arnaboldi says sites are now at risk of attack because Drupal 7 and 8 platforms are being marked as up-to-date, even if the automated patching process fails due to dead internet links.

Drupal flicks fix to nix OpenID admin account hijack hole

posted on June 19, 2015
by l33tdawg

Drupal has shuttered a flaw in its implementation of OpenID that allows attackers to log in as web site administrators.

The flaw (CVE-2015-3234) is the most critical of four and affects versions six and seven of the content management system.

Drupal's security team say attackers can target unpatched systems if they hold an OpenID account. "A vulnerability was found in the OpenID module that allows a malicious user to log in as other users on the site, including administrators, and hijack their accounts," the team wrote in an advisory.

Drupal warns of mass SQL injection website hacks

posted on October 30, 2014
by l33tdawg

The security team for the Drupal project is warning users that websites running unpatched installations of version 7 of the popular open source content management system (CMS) may be compromised by automated attacks.

"You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15, 11pm UTC, that is 7 hours after the announcement," the security team said.

New crowdfunding platform targets Drupal development

posted on September 24, 2013
by l33tdawg

A new crowdfunding platform – Drupalfund – is intended to make it easier to contribute to Drupal and accelerate development work on the open source content platform, according to Jozef Toth.

Toth, a co-founder of Drupalfund and the CEO of a Slovakia-based Web development agency, said that a large portion of Drupal development has been based on individuals and companies donating time and money to the CMS.