In association with heise online

30 January 2007, 16:35

Security update for CMS Drupal

A critical security hole has been closed in versions 4.7.6 and 5.1 of the Drupal content management system. According to the developers, the vulnerability allowed attackers to gain control of the server. The flaw was found in the comment preview, where comments are not processed with the usual form validation functions, and attackers could exploit it to execute arbitrary code. However, only users who are authorized to post comments and have access to multiple input filters could exploit the flaw; usually, users have access to only one filter. As a workaround, the developers recommend switching off the comments module or revoking the right to post comments for all users.
