Software update: Drupal 7.60 / 8.5.8 / 8.6.2

Oct 22, 2018

Updates have been released for versions 7, 8.5 and 8.6 of Drupal that fix various vulnerabilities. Drupal is a user-friendly and powerful content management platform written in PHP, with which, for example, websites can be created. It is simple enough for a novice user, but powerful enough to build a more complex website. The program includes a content management platform and a development framework. Below are the vulnerabilities that have been addressed in advisory SA-CORE-2018-006.

Content moderation – Moderately critical – Access bypass – Drupal 8
In some conditions, content moderation fails to check a user's access to certain transitions, leading to an access bypass.

External URL injection through URL aliases – Moderately Critical – Open Redirect – Drupal 7 and Drupal 8
The path module allows users with the ‘administer paths’ permission to create pretty URLs for content. In certain circumstances the user can enter a particular path that triggers an open redirect to a malicious URL.

Anonymous Open Redirect – Moderately Critical – Open Redirect – Drupal 8
Drupal core and contributed modules frequently use a “destination” query string parameter in URLs to redirect users to a new destination after completing an action on the current page. Under certain circumstances, malicious users can use this parameter to construct a URL that will trick users into being redirected to a third-party website, thereby exposing the users to potential social engineering attacks.
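
As an added illustration (not Drupal core code and not the fix shipped in these releases), the following PHP check accepts a “destination” value only when it is a site-local path. The helper name is_safe_destination(), the requirement of a leading slash, and the sample inputs are assumptions constructed for this example.

```php
<?php
// Added example, not Drupal core code. is_safe_destination() is a
// hypothetical helper; it assumes destinations are rooted paths ("/node/1").

/**
 * Returns true only when $destination is a site-local path that a browser
 * cannot interpret as a link to another host.
 */
function is_safe_destination(string $destination): bool {
    // Reject empty values and control characters: browsers strip tabs and
    // newlines before parsing, so "/\t/example.net" becomes "//example.net".
    if ($destination === '' || preg_match('/[\x00-\x1F\x7F]/', $destination)) {
        return false;
    }
    // Browsers treat a backslash like a forward slash in http(s) URLs.
    $normalized = str_replace('\\', '/', $destination);
    // Must be rooted at the site and must not be protocol-relative.
    if ($normalized[0] !== '/' || strncmp($normalized, '//', 2) === 0) {
        return false;
    }
    // Defense in depth: the parsed value may carry no scheme or host.
    $parts = parse_url($normalized);
    return $parts !== false && !isset($parts['scheme']) && !isset($parts['host']);
}

// Constructed sample inputs mapped to the expected decision.
$samples = [
    '/node/1?page=2'         => true,
    '/admin/content#overlay' => true,
    'https://example.net/'   => false,
    '//example.net/login'    => false,
    '/\\example.net/login'   => false,
    "/\t/example.net"        => false,
    'node/1'                 => false, // not rooted; this helper requires "/"
    ''                       => false,
];

foreach ($samples as $input => $expected) {
    $result = is_safe_destination($input);
    printf("%-28s %s%s\n",
        json_encode($input, JSON_UNESCAPED_SLASHES),
        $result ? 'allow' : 'reject',
        $result === $expected ? '' : '  <-- unexpected');
}
```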

Injection in DefaultMailSystem::mail() – Critical – Remote Code Execution – Drupal 7 and Drupal 8
When sending email some variables were not sanitized for shell arguments, which could lead to remote code execution.

Contextual Links validation – Critical – Remote Code Execution – Drupal 8
The Contextual Links module does not validate the requested contextual links. This vulnerability is mitigated by the fact that access contextual links.
Drupal 8.6.0 Umami food magazine demo (620 pix)

Version number: 7.60 / 8.5.8 / 8.6.2
Release status: Final
Operating systems: Script language
Website: Drupal
Download: https://ftp.drupal.org/files/projects/drupal-8.6.2.tar.gz
License type: GPL
