Drupal warns of serious abuse vulnerability




A vulnerability to SQL injection which was earlier this month found in Drupal, is being actively exploited. The content management system alerts administrators of a Drupal installation that they are infected if they have not patched the leak.

Each Drupal installation within seven hours after the release of the patch should be updated on October 15 considered compromised, warns the cms. This is because attackers would have automatically searched for Drupal installations were vulnerable to the vulnerability. That vulnerability allows attackers to inject own sql code. The vulnerability could also mean that attackers can inject their own PHP code.

Who Drupal has not yet updated to the latest version, is therefore too late, according to the warning. Installing the patch because not ensure that existing backdoors be removed. It is in the case of contamination advisable to back up for October 15 locations back and then immediately patch. It is even recommended to take a new server, according Drupal, or remove all websites and databases at least.

It is unknown where the latter opinion arises; possible Drupal afraid attackers from php affected other parts of the system. If the php installation executing shell commands allow even be that attackers have searched for other security issues to gain escalated privileges.


In: Technology & Gadgets Asked By: [15554 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »