
Drupal version 8.2.7 addresses multiple vulnerabilities in the current version of the popular CMS


The Drupal development team has issued a new release of the popular content management system (CMS), Drupal version 8.2.7, that fixes multiple vulnerabilities.

Drupal 8.2.7 addresses a number of vulnerabilities in the CMS. The list of flaws includes an access bypass issue, a cross-site request forgery (CSRF) vulnerability, and a remote code execution flaw.

An access bypass flaw affecting the Editor module, tracked as CVE-2017-6377, is considered the most severe of the vulnerabilities.

“When adding a private file via a configured text editor (like CKEditor), the editor will not correctly check access for the file being attached, resulting in an access bypass,” reads the description provided in the security advisory by Drupal.


Another vulnerability, rated moderately critical, is a CSRF flaw tracked as CVE-2017-6379. It stems from the lack of CSRF protection on some administrative paths: an attacker who knows a block's ID can exploit the issue to disable that block on a website.

Next on the list is a remote code execution vulnerability, CVE-2017-6381, also rated moderately critical. The RCE flaw affects a third-party development library and is related to development dependencies.

The good news is that the issue is mitigated by default: Composer development dependencies are typically not installed on production Drupal sites, and the default .htaccess shipped with Drupal blocks PHP execution in the affected directory.

To further improve the security of Drupal installs, the latest release, Drupal 8.2.7, includes a security update for the phpunit development dependency. In practice, Drupal core in the new release now requires the most secure version of phpunit available.
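Both mitigations above depend on how a site was deployed, so a defender may want to verify them rather than assume them. The following is an added example (not code from the Drupal project or from this article) that audits a constructed composer.lock excerpt and a constructed list of installed vendor packages: it flags phpunit if it has been promoted to a production requirement, and flags any `packages-dev` entries that are actually present in the deployed vendor tree; the package names and versions in the sample data are made up for illustration.

```python
"""Audit a Drupal site's Composer state for the two mitigations the advisory relies on."""
import json

PHPUNIT = "phpunit/phpunit"

# Constructed composer.lock excerpt (real lock files carry many more fields).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "symfony/http-kernel", "version": "v3.2.6"},
    ],
    "packages-dev": [
        {"name": PHPUNIT, "version": "4.8.27"},
        {"name": "mikey179/vfsStream", "version": "v1.6.4"},
    ],
})

# Constructed set of vendor/<vendor>/<package> directories found on disk after deployment.
SAMPLE_INSTALLED = {"symfony/http-kernel", PHPUNIT, "mikey179/vfsStream"}


def audit_dev_dependencies(lock_json, installed):
    """Return the locked phpunit version, dev packages found in vendor/, and findings."""
    lock = json.loads(lock_json)
    prod = {p["name"]: p["version"] for p in lock.get("packages", [])}
    dev = {p["name"]: p["version"] for p in lock.get("packages-dev", [])}
    findings = []
    # A test framework listed under "packages" is installed even with --no-dev.
    if PHPUNIT in prod:
        findings.append("phpunit is a production requirement; move it to require-dev")
    # Any dev package on disk means the site was deployed without --no-dev.
    installed_dev = sorted(name for name in dev if name in installed)
    if installed_dev:
        findings.append(
            "dev packages present in vendor/: %s; redeploy with composer install --no-dev"
            % ", ".join(installed_dev)
        )
    return {
        "phpunit_version": dev.get(PHPUNIT) or prod.get(PHPUNIT),
        "installed_dev_packages": installed_dev,
        "findings": findings,
    }


if __name__ == "__main__":
    for line in audit_dev_dependencies(SAMPLE_LOCK, SAMPLE_INSTALLED)["findings"]:
        print("FINDING:", line)
```

On a real site, replace the sample data with the contents of composer.lock and a directory listing of vendor/ from the deployed docroot.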

It is essential to keep Drupal up to date: CMS platforms are prime targets for hackers, who exploit known vulnerabilities using exploit code available online.

Outdated versions expose websites and their users to the risk of cyber attacks.

In September, the researchers at the SANS Institute’s Internet Storm Center reported seeing attempts to exploit a highly critical vulnerability in a third-party Drupal module, the RESTful Web Services (RESTWS) module.


Pierluigi Paganini

(Security Affairs – Drupal version 8.2.7, Hacking)