In association with heise online

14 August 2008, 17:04

Security updates for Drupal CMS

In a security advisory, the developers of the Drupal content management system have warned of several security problems in versions 5.x and 6.x, assessing the vulnerabilities as generally "highly critical".

Besides a cross-site scripting (XSS) problem, the advisory lists two cross-site request forgery (CSRF) issues. Among other things, new access rules could be set for users logged into the Drupal system, without their noticing, if they access a page or site created by a malicious person. Users with the right to administer the blog could also slip files into the system. Finally, the upload module contains errors that allow users with the right to upload files to escalate their privileges.

The developers are providing the corrected versions 5.10 and 6.4 for download, as well as patches for the previous versions.
