Patch Issued for Drupal Vulnerable to SQL Injection

I am passing along this security alert coming from Security SIG:

A nasty SQL injection vulnerability has been disclosed in Drupal that allows an anonymous user to execute code and manipulate and/or delete stored data. Exploits are currently being used and posted.

This affects all versions of Drupal 7 prior to 7.32. It is strongly recommended that all those running Drupal 7 upgrade to core 7.32.

More information can be found here https://www.drupal.org/SA-CORE-2014-005 and here https://www.drupal.org/node/2357241.

The IS&T-managed Drupal Cloud service was patched last week.

If you know other system admins and/or departments that are responsible for running Drupal, we kindly ask that you pass this message along to them.

Read the story online.

Advertisements

About MIT
IT Security Awareness Consultant and Communications Specialist at MIT

Comments are closed.

%d bloggers like this: