Many websites threatened by highly critical code-execution bug in Drupal

by Dan Goodin, from Ars Technica

Sites that run the Drupal content management system run the risk of being hijacked until they're patched against a vulnerability that allows hackers to remotely execute malicious code, managers of the open source project warned Wednesday.

CVE-2019-6340, as the flaw is tracked, stems from a failure to sufficiently validate user input, managers said in an advisory. Hackers who exploited the vulnerability could, in some cases, run code of their choice on vulnerable websites. The flaw is rated highly critical.

"Some field types do not properly sanitize data from non-form sources," the advisory stated. "This can lead to arbitrary PHP code execution in some cases."
