Drupal: Patch released today to fix a highly critical RCE in contributed modules
Drupal announced that they will release today (Wed July 13th 2016 16:00 UTC) a patch that will fix highly critical remote code execution vulnerabilities in contributed modules. Drupal core is not affected.
The vulnerability is a "PHP Arbitrary Code Execution" and is rated up to 22/25 (based on risk calculation model used by Drupal - details here). The vulnerable modules are used on between 1.000 and 10.000 instances.
If you maintain one or more Drupal websites, review the list of affected contributed modules and apply the patch as soon as possible if you're affected.
Link to the advisory ID: DRUPAL-PSA-2016-001
Xavier Mertens (@xme)
ISC Handler - Freelance Security Consultant
PGP Key
My next class:
Reverse-Engineering Malware: Advanced Code Analysis | Online | Greenwich Mean Time | Oct 28th - Nov 1st 2024 |
×
Diary Archives
Comments