The Latest in IT Security

Drupal Patches Flaw Exploited in Spam Campaigns

22
Jun
2017
Drupal Patches Flaw Exploited in Spam Campaigns

security-breaches-600x400

Drupal security updates released on Wednesday address several vulnerabilities, including one that has been exploited in spam campaigns.

The flaw exploited in the wild, patched with the release of Drupal versions 7.56 and 8.3.4, is a moderately critical access bypass vulnerability tracked as CVE-2017-6922.

The problem is that files uploaded by anonymous users to a private file system can be accessed by all anonymous users, not just the user who uploaded them, as it should be. The security hole only affects websites that allow anonymous users to upload files to a private file system.

Read More

Leave a reply


Categories

SUNDAY, NOVEMBER 19, 2017

Featured

Archives

Latest Comments

Social Networks