image credit: pxhere
The vulnerability, tracked as CVE-2020-13671, has been classified as critical, but it’s worth mentioning that Drupal uses the NIST Common Misuse Scoring System, which assigns vulnerabilities a score ranging between 0 and 25, with “critical” being only the second highest rating, after “highly critical.”
An attacker who can upload files to a server can use certain types of extensions to bypass restrictions and get malicious code executed.
Comments are closed.
