Friday, 19 June 2015

Critical Vulnerability in CMS Software Drupal Patched

An important security update has been released for the popular content management system (CMS) Drupal. It fixes multiple vulnerabilities, including one that allows attackers to take over websites completely. The flaw is in the OpenID module and makes it possible for an attacker to log in as any user, including the administrator, and hijack their account.

Through the other vulnerabilities, it was possible to obtain certain information and to send users to a third-party website via an "open redirect". This could, for example, be used for a social engineering attack. Administrators are advised to upgrade to Drupal 6.36 or 7.38.
