Advertisement
Top

Drupal Patches Flaw Exploited in Spam Campaigns

June 22, 2017

Via: Security Week
Category:

Drupal security updates released on Wednesday address several vulnerabilities, including one that has been exploited in spam campaigns.

The flaw exploited in the wild, patched with the release of Drupal versions 7.56 and 8.3.4, is a moderately critical access bypass vulnerability tracked as CVE-2017-6922.

The problem is that files uploaded by anonymous users to a private file system can be accessed by all anonymous users, not just the user who uploaded them, as it should be. The security hole only affects websites that allow anonymous users to upload files to a private file system.

Read More on Security Week

RELATED PUBLICATIONS

OpenAI’s GPT-4 can exploit real vulnerabilities by reading security advisories
Unpatched Vulnerabilities: The Most Brutal Ransomware Attack Vector
Google Patches Exploited Pixel Vulnerabilities

Latest Publications

The importance of the Vulnerability Operations Centre for cybersecurity
Hackers Exploit OpenMetadata Flaws to Mine Crypto on Kubernetes
FIN7 targeted a large U.S. carmaker with phishing attacks
Security Curated Copyright © 2024. All rights reserved
Go to ITCurated!