Critical Remote Code Execution Vulnerabilities Patched by Drupal
#1
Quote:Drupal patched two critical remote code execution vulnerabilities which would have allowed attackers to exploit Drupal CMS installations with versions prior to 7.60, 8.6.2, and 8.5.8.

The first critical vulnerability resided in Drupal's DefaultMailSystem::mail() mailing component and it leads to RCE when sent emails contain variables which were not sanitized for shell arguments. The second critical security issue patched by Drupal was present in the Contextual Links module which did not sufficiently validate requested contextual links.
"This vulnerability is mitigated by the fact that an attacker must have a role with the permission "access contextual links," according to Drupal's SA-CORE-2018-006 security advisory.

Source: https://news.softpedia.com/news/critical...3315.shtml
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
XYplorer
What's new in Rele...Kool — 04:07
QOwnNotes
26.7.2 Added supp...Kool — 03:40
WhatsApp Launches New Username Feature ...
WhatsApp Opens Usern...harlan4096 — 17:12
AnyDesk 9.7.9 for Windows
Version 9.7.9 for ...harlan4096 — 15:57
uBOLite 2026.705.2152 (already available...
uBOLite 2026.705.2...harlan4096 — 10:23

[-]
Birthdays
Today's Birthdays
avatar (47)dapedDow
avatar (49)TromPerl
Upcoming Birthdays
avatar (46)RidgeDimb
avatar (37)ipumaqar
avatar (51)tanliorsPeri
avatar (43)lapedDow
avatar (49)rituabew
avatar (37)omyjul
avatar (41)papedDow
avatar (50)ArnoldFum
avatar (38)yfaza
avatar (49)Kevensi
avatar (48)ConradRoand
avatar (39)boineDon
avatar (51)spoofTum
avatar (50)WillieVot
avatar (40)Grompelbawn
avatar (41)vkseogaF
avatar (37)usogy
avatar (40)ywixazok
avatar (38)ixoqe
avatar (36)pa.OpenTran

[-]
Online Staff
mjcn19's profile mjcn19

>