Critical Remote Code Execution Vulnerabilities Patched by Drupal
#1
Quote: Drupal patched two critical remote code execution vulnerabilities which would have allowed attackers to exploit Drupal CMS installations with versions prior to 7.60, 8.6.2, and 8.5.8.

The first critical vulnerability resided in Drupal's DefaultMailSystem::mail() mailing component and it leads to RCE when sent emails contain variables which were not sanitized for shell arguments. The second critical security issue patched by Drupal was present in the Contextual Links module which did not sufficiently validate requested contextual links.
"This vulnerability is mitigated by the fact that an attacker must have a role with the permission 'access contextual links,'" according to Drupal's SA-CORE-2018-006 security advisory.

Source: https://news.softpedia.com/news/critical...3315.shtml