![]() This issue only affected sites with RESTful web services module, and the comment entity REST resource enabled. Basically, they could post comments without needing authorization. Through this loophole, users could post comments using the REST API without correct permissions. Versions of Drupal 8.2.2 and below were affected.Ī moderately critical vulnerability, this one affected Drupal 8 versions. Hackers conducted man-in-the-middle attacks to exploit this vulnerability. A 3rd party development library included in Drupal 8 development dependencies became vulnerable to remote code execution. Versions prior to Drupal 8.1.10 allowed hackers to execute arbitrary HTML scripts into Drupal websites via vectors.ĭrupal became vulnerable to remote code execution in 2017, exposing it to the threat of database credential theft. The hackers can then access session tokens, cookies, and other user information. While these codes will not affect your website itself, the end-users’ browsers will get infected once they visit and load your website. Typically, malicious JavaScript codes are implanted into your website. ![]() These codes get activated when users load the website on their browsers. In an XSS attack, hackers misuse loopholes and gaps within an application to insert malicious codes/scripts in its web pages. Drupal immediately released advisories and remedial methods. In 2018, Drupalgeddon 1 and Drupalgeddon 2 also hit the platform, and both exposed a Remote Code Execution vulnerability. The vulnerability paved the way for arbitrary SQL execution, and depending on the content of requests, it lead to privilege escalation, arbitrary PHP execution, and other attacks.ĭrupal’s advisory labeled this vulnerability as highly critical, with a risk score of 25/25. Versions prior to Drupal 7.3.2 were affected. The Drupal 7 database API abstraction layer contained loopholes that rendered it vulnerable to SQL injection attacks. The Most Critical Drupal Vulnerabilities you should be Aware ofĭating back to 2014, the ‘Drupalgeddon’ was an SQL vulnerability that shook the entire platform. Fixes for Drupal Security and Vulnerabilities.The Most Critical Drupal Vulnerabilities you should be aware of.In this guide, we will discuss all the best practices for Drupal security, so that you can shield your Drupal website from web security threats. Mostly it has been observed that Drupal houses cross-site scripting, remote code execution, and SQL injection vulnerabilities. Almost 50% of these were labeled as highly critical by the platform. In 2019, Drupal released advisories associated with 12 vulnerabilities. Far below WordPress and Joomla’s numbers.Įven though it’s safer than its competitors, Drupal falls prey to multiple vulnerabilities every year. Statistics in 2018 revealed that only 11% of the total vulnerabilities reported that year came from Drupal. Though a little behind in terms of market share, it is generally praised for being relatively secure when compared with other major eCommerce CMS like WordPress, Magento, Joomla, etc. Drupal is an Open Source CMS that powers around 3% websites online.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |