22 FEB

Millions of websites threatened by highly critical code-execution bug in Drupal

Millions of websites threatened by highly critical code-execution bug in Drupal

Enlarge (credit: Victorgrigas)

Millions of sites that run the Drupal content management system run the risk of being hijacked until they’re patched against a vulnerability that allows hackers to remotely execute malicious code, managers of the open source project warned Wednesday.

CVE-2019-6340, as the flaw is tracked, stems from a failure to sufficiently validate user input, managers said in an advisory. Hackers who exploited the vulnerability could, in some cases, run code of their choice on vulnerable websites. The flaw is rated highly critical.

“Some field types do not properly sanitize data from non-form sources,” the advisory stated. “This can lead to arbitrary PHP code execution in some cases.”

Read 5 remaining paragraphs | Comments

Post Author: martin

Martin is an enthusiastic programmer, a webdeveloper and a young entrepreneur. He is intereted into computers for a long time. In the age of 10 he has programmed his first website and since then he has been working on web technologies until now. He is the Founder and Editor-in-Chief of BriefNews.eu and PCHealthBoost.info Online Magazines. His colleagues appreciate him as a passionate workhorse, a fan of new technologies, an eternal optimist and a dreamer, but especially the soul of the team for whom he can do anything in the world.

Related Posts '

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.