News

Drupal patches serious vulnerabilities in modules that allow site takeover

By admin
Spread the love

Content management system Drupal warns of serious vulnerabilities in three modules that make it possible to take over a site. These are modules that are used by a small number of sites; the organization estimates the total number to be between 1,000 and 10,000.

The core of the Drupal system has not been affected, the security team said in a message. The modules are Restws, Coder and Webform Multiple File upload. The functionality of the cms can be expanded with these types of modules. The vulnerabilities allow remote code execution and have been given weightings of up to 22 out of 25 points, making them very serious.

Patches for the leaks were released on Wednesday. Drupal has let via Twitter know that the Coder module does not need to be enabled to be attacked, it just needs to be located somewhere in the webroot. Drupal expects that exploits for the vulnerabilities will certainly appear within hours or days and therefore calls on users to update as soon as possible.

According to The Register, Drupal has been downloaded about 15 million times in total, compared to 30 million downloads from Joomla and 140 million downloads from WordPress.

You might also like
News

X begins to deploy the audio and video calling function (but only paying users can…

News

EU Council determines position on security requirements for digital products

News

Zeeland power grid is full, grid operator stops new requests from major consumers

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Telegram has over 800 million active users and is not yet profitable

News

Elon Musk: Twitter loses half of ad revenue

Exit mobile version