Drupal Core Remote Code Execution Vulnerability (CVE-2020-13671)

Overview: On 18 November 2020, Drupal released an advisory for a critical Remote Code Execution vulnerability (CVE-2020-13671). Successful exploitation of this vulnerability may allow attackers to take over vulnerable sites. The bug exists in Drupal core due to improper sanitization of certain filenames on uploaded files. This results in the files being interpreted as an invalid extension and can be treated as a wrong MIME …

Identify and Remediate Most Exploited Vulnerabilities in last 5 years using VMDR

Summary: Amid the global pandemic, DHS CISA and the FBI shared a list of the top 10 most exploited vulnerabilities on May 12, 2020. The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (DHS CISA) and the Federal Bureau of Investigation (FBI) urge organizations in the public and private sectors to apply necessary updates in order to …

Drupal Workspaces Module Access Bypass Vulnerability (SA-CORE-2019-008)

On the 17th of July, an advisory addressing an access bypass vulnerability was made public. This was assigned CVE-2019-6342 by MITRE and the associated security risk was deemed critical by Drupal in SA-CORE-2019-008. Vulnerability Details: An access bypass condition allows an attacker to bypass security restrictions in place to perform certain actions. The vulnerability exists …

Drupal Critical RCE Patch Release [CVE-2018-7602]

Drupal released a critical update to address CVE-2018-7602. By exploiting the bug, an attacker can gain remote code execution and compromise the site. The vulnerability affects Drupal 7.x and 8.x. The vulnerability was disclosed by Drupal’s in-house team. A similar bug (CVE-2018-7600) was patched in SA-CORE-2018-002. Both of these vulnerabilities are being exploited in the wild. …

Drupal Critical RCE Patch Release [CVE-2018-7600]

On 21 March 2018, Drupal released a statement that a major vulnerability was reported. They have rated this vulnerability as critical. As per their statement, “exploits might be developed within hours or days”. Due to the severity of the issue, Drupal is releasing patches for unsupported versions as well. CVE-2018-7600 has been assigned to track this issue. Drupal security …