1 Replies - 1654 Views - Last Post: 29 March 2018 - 09:06 AM

#1 modi123_1   User is offline

  • Suitor #2
  • member icon



Reputation: 15361
  • View blog
  • Posts: 61,609
  • Joined: 12-June 08

[link] Update Drupal ASAP to 7.58 or 8.5.1

Posted 29 March 2018 - 09:00 AM

Well that's a bit scary. Update yo' sites!


Quote

Developers of popular open-source CMS Drupal are warning admins to immediately patch a flaw that an attacker can exploit just by visiting a vulnerable site.

The bug affects all sites running on Drupal 8, Drupal 7, and Drupal 6. Drupal's project usage page indicates that about a million sites are running the affected versions.

Admins are being urged to immediately update to Drupal 7.58 or Drupal 8.5.1.
[...]
The problem lies in Drupal core and is caused by missing input validation.
[...]
"The new released version, 7.58, has a new file called 'request-sanitizer.inc' that contains functions to clean user input supplied through a GET, POST or a cookie."

"The underlying problem is that the Drupal core (much like other frameworks) accepts request parameters as array objects. A user can pass an array object to the application with the keyname containing the payload which Drupal would process without sanitization."


http://www.zdnet.com...by-any-visitor/

https://www.drupal.org/psa-2018-001

Is This A Good Question/Topic? 0
  • +

Replies To: [link] Update Drupal ASAP to 7.58 or 8.5.1

#2 astonecipher   User is offline

  • Senior Systems Engineer
  • member icon

Reputation: 3001
  • View blog
  • Posts: 11,551
  • Joined: 03-December 12

Re: [link] Update Drupal ASAP to 7.58 or 8.5.1

Posted 29 March 2018 - 09:06 AM

:beta1: :notify:
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1