Geeks for your information News Privacy & Security News v
Critical Remote Code Execution Vulnerabilities Patched by Drupal
Critical Remote Code Execution Vulnerabilities Patched by Drupal
silversurfer Offline
Staff Member
******
Posts: 3,885
Threads: 3,283
Thanks Received: 5,064 in 3,838 posts
Thanks Given: 6,200
Joined: 12 September 18
#1
19 October 18, 13:30
Quote:Drupal patched two critical remote code execution vulnerabilities which would have allowed attackers to exploit Drupal CMS installations with versions prior to 7.60, 8.6.2, and 8.5.8.

The first critical vulnerability resided in Drupal's DefaultMailSystem::mail() mailing component and it leads to RCE when sent emails contain variables which were not sanitized for shell arguments. The second critical security issue patched by Drupal was present in the Contextual Links module which did not sufficiently validate requested contextual links.
"This vulnerability is mitigated by the fact that an attacker must have a role with the permission "access contextual links," according to Drupal's SA-CORE-2018-006 security advisory.

Source: https://news.softpedia.com/news/critical...3315.shtml
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
[Test & Review Request] Looking for fee...
Can you at least int...jasonX — 00:35
[Test & Review Request] Looking for fee...
Can you at least int...jasonX — 00:31
Hasleo software (formerly called EasyUE...
Hasleo WinToHDD vers...jasonX — 00:15
[Test & Review Request] Looking for feed...
Hi Geeks, :D Followi...LFTyyy — 13:57
Manjaro Linux 26.0.4 Build 260327
Manjaro Linux 26.0...harlan4096 — 09:46

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>