1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Three popular Drupal modules get patches for site takeover flaws

Discussion in 'Network World' started by RSS, Jul 13, 2016.

  1. RSS

    RSS New Member Member

    The security team of the popular Drupal content management system worked with the maintainers of three third-party modules to fix critical vulnerabilities that could allow attackers to take over websites.

    The flaws allow attackers to execute rogue PHP code web servers that host Drupal websites with the RESTWS, Coder or Webform Multiple File Upload modules installed. These modules are not part of Drupal's core, but are used by thousands of websites.

    The RESTWS module is a popular tool for creating Rest application programming interfaces (APIs) and is currently installed on over 5,800 websites. Unauthenticated attackers can exploit the remote code execution vulnerability in its page callback functionality by sending specially crafted requests to the website.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page