No RESTful the wicked: If your website runs Drupal, you need to check for security updates – unless you enjoy being hacked

www.theregister.co.uk | 2/20/2019 | Staff

Website admins are today urged to update their Drupal installations following the disclosure of a potentially serious vulnerability in the web publishing software. And when we say potentially serious, we mean, someone can potentially hack and hijack your site via this flaw.

The security hole, designated CVE-2019-6340, is a remote-code-execution flaw caused by Drupal neglecting to properly check data from RESTful web services.

A successful exploit of the vulnerability would allow a hacker to remotely run malicious code on the targeted website's server, effectively commandeering the site. Drupal has classified the bug as "highly critical," and recommends admins patch the flaw ASAP.

"Some field types do not properly sanitize data from non-form sources," Team Drupal said in disclosing the vulnerability. "This can lead to arbitrary PHP code execution in some cases."

A website is open to attack if it is powered by Drupal 8 core with the RESTful Web Services (rest) module enabled, and it handles PATCH or POST requests, or the site has another web services module enabled, such as JSON:API in...
(Excerpt) Read more at: www.theregister.co.uk
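
The exposure condition described above can be checked against a site's exported configuration. The following is an added example, not code from the article or from the Drupal project. It assumes a Drupal 8 configuration export directory containing `core.extension.yml` and `rest.resource.*.yml` files, uses a plain line scan rather than a YAML parser, and its function names and sample files are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

WEB_SERVICE_MODULES = {"rest", "jsonapi"}  # the two modules the article names

def enabled_modules(sync_dir):
    """Module names listed under the top-level 'module:' key of core.extension.yml."""
    found, in_block = set(), False
    for line in (Path(sync_dir) / "core.extension.yml").read_text().splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):  # a top-level key opens or closes the block
            in_block = line.strip() == "module:"
        elif in_block:
            m = re.match(r"\s+([a-z0-9_]+):\s*-?\d+\s*$", line)
            if m:
                found.add(m.group(1))
    return found

def writable_rest_resources(sync_dir):
    """Ids of enabled rest.resource.*.yml configs that mention POST or PATCH."""
    hits = []
    for path in sorted(Path(sync_dir).glob("rest.resource.*.yml")):
        text = path.read_text()
        if re.search(r"^status:\s*false\s*$", text, re.M):
            continue  # resource is disabled
        if re.search(r"\b(POST|PATCH)\b", text):
            hits.append(path.name[len("rest.resource."):-len(".yml")])
    return hits

def assess(sync_dir):
    """Apply the article's condition: rest with POST/PATCH, or another web services module."""
    modules = enabled_modules(sync_dir) & WEB_SERVICE_MODULES
    resources = writable_rest_resources(sync_dir) if "rest" in modules else []
    return {"modules": sorted(modules), "write_resources": resources,
            "matches_article": "jsonapi" in modules or bool(resources)}

def build_sample(sync_dir, methods=("GET", "PATCH")):
    """Write a constructed (not real) config export for the demo."""
    d = Path(sync_dir)
    (d / "core.extension.yml").write_text(
        "module:\n  node: 0\n  rest: 0\n  serialization: 0\ntheme:\n  bartik: 0\n")
    (d / "rest.resource.entity.node.yml").write_text(
        "status: true\nid: entity.node\nconfiguration:\n  methods:\n"
        + "".join(f"    - {m}\n" for m in methods))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(assess(tmp))
```

A match only means the configuration fits the condition the article describes; it says nothing about whether the security update has been installed.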