Drupal SQL injection Flaw
Friday 31st October 2014 at 4:10pm by Daniel O
Drupal, an open source content management platform powering millions of websites and applications and has recently been patched due to a massive SQL injection flaw that could potentially allow a malicious user to load arbitrary code onto implementations running version 7.
For a detailed description of the security issue visit:
SA-CORE-2014-005 - Drupal core - SQL injection - https://www.drupal.org/SA-CORE-2014-005
Since the discovery and disclosure of the security flaw, Drupal's security team have promptly fixed the vulnerability and rolled out an update that allow website/web-server administrators to patch their systems.
But now Drupal's security team have released a public service announcement, stating “You should proceed under the assumption that every Drupal 7 website was compromised” with a security risk level of 25/25 this is bad news for most Drupal developers.
For a detailed description of the PSA visit:
PSA-2014-003 - Public Service announcement - https://www.drupal.org/PSA-2014-003
At Two Superior we take security seriously and keep a close eye on what happens around us. Most of our sites are built from scratch unless requested, instead of using content management platforms such as Drupal or WordPress. Only a select few of our current clients are currently using Drupal, but if you are a Two Superior customer and have any questions or concerns feel free to get in contact with us!
Comments
More News
Monday 29th June 2015 - We are pleased to announce the new Harbron Recruit website is now live! Harbron Recruit got in touch with us recently, as they wanted their Wordpress site moving to a bespoke platform and also wanted to extend their site with custom functionality.
Tuesday 28th April 2015 - Just as your screens and internet connections leap into the future, so should your website!
Thursday 23rd April 2015 - Google has now released it’s new mobile search algorithm and has released a handy tool to help you check your website.
Wednesday 15th April 2015 - Sometimes you find that your web browser just doesn’t have that certain feature that you want. Extensions and plugins have come to the rescue, but are the extensions or plugins you have installing from a trusted source?
Friday 10th April 2015 - Quite often when we need to write a large amount of code to complete a particular task we’ll first look to see if someone has already written an open source library which we can use instead of spending hours or days writing something that will do that same thing.