Drupal warns of abuse of serious security vulnerability

Spread the love

A sql injection vulnerability found in Drupal earlier this month is being actively exploited. The content management system warns administrators of a Drupal installation that they are infected if they have not yet patched the vulnerability.

Any Drupal installation that is not updated within seven hours of the patch’s release on October 15 should be considered compromised, the CMS warns. That’s because attackers allegedly searched for Drupal installations that were vulnerable to the vulnerability. That vulnerability allows attackers to inject their own SQL code. The vulnerability could also allow attackers to inject their own PHP code.

If you have not yet updated Drupal to the latest version, it is too late, according to the warning. Installing the patch does not remove existing backdoors. In case of contamination, it is recommended to restore a backup from before October 15 and then patch it immediately. It is even advisable to get a new server, according to Drupal, or at least remove all websites and databases.

It is unknown where that last advice stems from; Drupal may be concerned that attackers have compromised other parts of the system from within PHP. In fact, if the php installation allows executing shell commands, attackers may have looked for other security vulnerabilities to gain higher system privileges.

Facebook Notice for EU! You need to login to view and post FB Comments!
You might also like