Dangerous bug in Drupal 7 makes CMS vulnerable to SQL injection – update

Version 7 of the open source CMS Drupal has a bug in its so-called database abstraction API. The bug allows attackers to perform SQL injection on vulnerable websites. Drupal calls the bug highly critical and has released update 7.32.

The bug in Drupal Core, the basis of the CMS, is painful for Drupal: the database abstraction API is intended to check the input supplied to database queries. In addition, the flaw in the code was publicly posted on Drupal’s website nearly a year ago. Nevertheless, it appears to be possible to perform SQL injection on Drupal websites running version 7.x. This allows an attacker to gain admin rights and, among other things, loot or delete a website, or take it offline.

Drupal calls the bug ‘very critical’ and has since released version 7.32 to close the hole. Users of Drupal 7.31 and below are advised to install the update as soon as possible. Drupal users who cannot update their website can instead apply the fix manually by modifying the code in the ‘database.inc’ file. Version 6.x is not vulnerable to this attack method, by the way.

Update, 20.00: The bug is also present in the beta of Drupal 8. An update has been released to fix the bug.
