Advertisement
Top

Old Drupal Flaw Still Used to Hack Websites

June 2, 2016

Via: Security Week
Category:

More than 19 months after it was patched by Drupal developers, a critical SQL injection vulnerability in the popular content management system is still being exploited by malicious actors to hack websites.

The vulnerability in question, tracked as CVE-2014-3704 and dubbed by researchers “Drupalgeddon,” is related to a database abstraction API used in Drupal 7. The flaw allows attackers to execute arbitrary SQL queries, which can lead to privilege escalation or code execution. A patch was released on October 15, 2014.

Read More on Security Week

RELATED PUBLICATIONS

Notorious Finnish Hacker sentenced to more than six years in prison
Google fixed critical Chrome vulnerability CVE-2024-4058
Palo Alto Networks Warns of Exploited Firewall Vulnerability

Latest Publications

Chinese government website security is often worryingly bad, say Chinese researchers
Indonesia sneakily buys spyware, claims Amnesty International
97% of security leaders have increased SaaS security budgets
Security Curated Copyright © 2024. All rights reserved
Go to ITCurated!