Drupal, one of the most important internet CMS, has discovered a “highly critical” vulnerability in recent days, which has led to the compromising of the data of up to one million web pages. This Drupal vulnerability has been quickly exposed by the company, which now recommends carrying out a series of updates in order to shield itself from this possible problem.
Site admins using Drupal should update immediately
This bug directly affects versions 6, 7 and 8 of Drupal, plus their corresponding variants, which are powering a big part of the nowadays websites.
The company has not given many explanations about it but summarizes in a few lines the core of the error:
“A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x.This potentially allows attackers to exploit multiple attack vectors in a Drupal site, which could result in a complete danger to it.”
The good news, however, is that the updates, at least in certain variants of the affected Drupal versions 7 and 8, are available directly to be carried out quickly and efficiently against this Drupal vulnerability.
The solution to shield against any type of attack that takes advantage of this error falls, therefore, on the heads of the sites’ administrators, who must update as soon as possible.
In a blog post that you can access here, Drupal team is explaining which are the affected supported versions and how to carry out this update exactly.
The recently discovered Drupal vulnerability is more serious than believed at first
This failure in the Drupal systems is one of the most serious that the platform has had to face in recent times, allowing any visitor to a website to remotely execute a code that would allow it to take control of the site.
It is the exploitation of the Drupal vulnerability that makes the danger so great for the platform’s correct functioning for the web pages that make use of it.