In association with heise online

24 October 2008, 10:42

Holes in Drupal CMS closed

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Drupal's developers have released versions 6.6 and 5.12 of the Drupal CMS which address a number of vulnerabilities. Among them is a hole which allows attackers to inject and execute scripts and elevate their system access rights this way. The hole can only be exploited on web servers that incorporate a number of virtual host presences.

The developers also removed a Cross Site Scripting hole in the handling of the title in book pages. Users are strongly advised to install the update. Another advisory describes a Cross Site Scripting hole in a language localisation module. An updated module fixes this hole.

See also:

(djwm)

Print Version | Send by email | Permalink: http://h-online.com/-737771
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit