Security Flaw In Drupal Affects Millions Of Sites

Security Flaw In Drupal Affects Millions Of Sites

If you are an owner of a website which is based on popular C. M. S.(Content Management System) Drupal then this article is a must read for you. If your site is running Drupal version 7 then you may also have been affected by this newly discovered flaw which could allow a malicious user to modify or take complete control of your site.

According To Drupal :-

SA-CORE-2014-005 Drupal Core – Sql Injection,

“Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks.

A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. Depending on the content of the requests this can lead to privilege escalation, arbitrary PHP execution, or other attacks.

This vulnerability can be exploited by anonymous users.”

Updating Drupal to the latest version which is 7.32 will fix the vulnerability but would not recover an already compromised site. So if your website is already affected then you can follow these instructions to recover it.

Leave a Comment.