The Latest in IT Security

Old Drupal Flaw Still Used to Hack Websites

02
Jun
2016
Old Drupal Flaw Still Used to Hack Websites

sh_Drupal1500_converted

More than 19 months after it was patched by Drupal developers, a critical SQL injection vulnerability in the popular content management system is still being exploited by malicious actors to hack websites.

The vulnerability in question, tracked as CVE-2014-3704 and dubbed by researchers “Drupalgeddon,” is related to a database abstraction API used in Drupal 7. The flaw allows attackers to execute arbitrary SQL queries, which can lead to privilege escalation or code execution. A patch was released on October 15, 2014.

Read More

Leave a reply


Categories

SATURDAY, AUGUST 24, 2019
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments

Social Networks