News

Drupal warns of serious vulnerability abuse

By admin
Spread the love

An sql injection vulnerability found in Drupal earlier this month is being actively exploited. The content management system warns administrators of a Drupal installation that they are infected if they have not yet patched the vulnerability.

Any Drupal installation that has not been updated within seven hours of the October 15 patch being released should be considered compromised, warns the cms. That is because attackers would have automatically searched for Drupal installations that were vulnerable to the vulnerability. That vulnerability allows attackers to inject their own sql code. The vulnerability may also allow attackers to inject their own PHP code.

Anyone who has not yet updated Drupal to the latest version is therefore too late, according to the warning. Installing the patch does not remove existing backdoors. In case of contamination, it is advisable to restore a backup from before October 15 and then patch it immediately. It is even advisable to get a new server, says Drupal, or at least delete all websites and databases.

It is unknown where that last advice stems from; Drupal may be afraid that php attackers have compromised other parts of the system. In fact, if the php installation allows shell commands to be executed, attackers may have looked for other vulnerabilities to gain escalated system privileges.

You might also like
Downloads

Download Simple Machines Forum 2.1.3

Downloads

Download WordPress 6.1

Downloads

Download WordPress 6.0.3

Downloads

Download moOde audio player 8.2.1

Downloads

Download PhpStorm 2022.2.3

Downloads

Download OPNsense 22.7.5

Exit mobile version