In association with heise online

25 September 2008, 14:03

Security updates for several Drupal extensions


Several extensions to Drupal, the content management system, have security issues, according to the Drupal developers. The extension modules are not part of the core Drupal system but have been available on the Drupal web site.

The "Brilliant Gallery" module is vulnerable to an SQL injection attack which can allow access to the administrator account. There is no patch available for the package and Drupal's developers recommend that users disable the extension; they have already removed the extension from their own website.

The "Ajax Checklist" module is not only vulnerable to SQL injection attacks, but is also open to cross-site scripting attacks. In this case, though, updates are available for the module.

A critical vulnerability was found in the "Plugin Manager" module, which allowed, in insecure configurations, any user to uninstall and remove modules from a Drupal system. Again, an update, 6.x-1.2, is available that fixes these issues.

Less critical cross-site scripting issues were found in the "SimpleNews" and "Stock" modules, with updates available for both.
