SIMonline

Vulnerability of Drupal Could Allow Remote Code Execution

Security updates released for the Drupal Content Management System (CMS) fix an “extremely critical” vulnerability that can be used to remotely execute code.



According to the Drupal developers, the security hole, tracked as CVE-2019-6340, is caused by a lack of proper data sanitization in some field types, which in some cases may allow an attacker to execute arbitrary PHP code. The problem was discovered by Samuel Mortenson of the Drupal Security Team.

Exploitation of CVE-2019-6340 is possible if the RESTful Web Services core module is enabled and allows PATCH or POST requests. Exploitation is also possible if another web services module is enabled, such as JSON:API in Drupal 8, or RESTful Web Services or Services in Drupal 7.

Drupal 8.6.10 and 8.5.11 should fix the vulnerability. Drupal 7 itself does not need to be updated, but updates are available for some modules added to Drupal 7, and users are recommended to install them.

“To immediately fix the vulnerability, you can disable all web service modules or configure your web server(s) to prohibit PUT/PATCH/POST requests to web service resources,” Drupal said in a message. “Please note that web services resources may be available in several ways, depending on the configuration of your server(s). For Drupal 7, resources, for example, are usually accessible through paths (pure URLs) and through arguments to the q query argument. For Drupal 8, paths can still function if preceded by index.php/.”
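The path variants named in the advisory matter when checking that a blocking rule really covers every route to the web service resources. The following Python sketch is an added example, not code from Drupal or from the original article: it scans access-log lines for PUT/PATCH/POST requests that reach such resources through a plain path, a `q` argument, or an `index.php/` prefix. The `SERVICE_PREFIXES` values, the use of a `_format` query parameter as a marker of a Drupal 8 REST request, and the log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

WRITE_METHODS = {"PUT", "PATCH", "POST"}
# Assumption: site-specific web service path prefixes; replace with your endpoints.
SERVICE_PREFIXES = ("/jsonapi", "/api")
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def effective_path(target):
    """Reduce a request target to the Drupal path it routes to, plus its query."""
    parts = urlsplit(target)
    query = parse_qs(parts.query)
    path = unquote(parts.path)
    if "q" in query:                      # Drupal 7: path passed as ?q=some/path
        path = "/" + query["q"][0].lstrip("/")
    elif path.startswith("/index.php/"):  # Drupal 8: index.php/ prefix still routes
        path = path[len("/index.php"):]
    return path, query

def should_block(method, target):
    """True if this is a write request to a web service resource."""
    if method.upper() not in WRITE_METHODS:
        return False
    path, query = effective_path(target)
    if "_format" in query:                # assumed marker of a Drupal 8 REST request
        return True
    return any(path == p or path.startswith(p + "/") for p in SERVICE_PREFIXES)

def audit(lines):
    """Return (method, target) for every log line the mitigation should have blocked."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and should_block(m["method"], m["target"]):
            hits.append((m["method"], m["target"]))
    return hits

# Constructed sample access-log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Feb/2019:10:00:01 +0000] "GET /jsonapi/node/article HTTP/1.1" 200 512',
    '192.0.2.11 - - [20/Feb/2019:10:00:02 +0000] "PATCH /node/1?_format=hal_json HTTP/1.1" 200 87',
    '192.0.2.12 - - [20/Feb/2019:10:00:03 +0000] "POST /index.php/jsonapi/node/article HTTP/1.1" 201 90',
    '192.0.2.13 - - [20/Feb/2019:10:00:04 +0000] "POST /?q=api/node HTTP/1.1" 200 64',
    '192.0.2.14 - - [20/Feb/2019:10:00:05 +0000] "POST /user/login HTTP/1.1" 303 0',
]

if __name__ == "__main__":
    for method, target in audit(SAMPLE_LOG):
        print(f"write request reached a web service resource: {method} {target}")
```

Any line this reports with a success status after the web server rule is in place indicates a route the rule does not cover.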

It is important that users install the updates as soon as possible, given that Drupal vulnerabilities are very often exploited in the wild shortly after the fixes are released.

Last year, cybercriminals hacked into a significant number of Drupal sites using two vulnerabilities called Drupalgeddon2 and Drupalgeddon3. Attackers used the flaws to deliver RATs, cryptocurrency miners and tech support scams.

Other recent attacks included exploits that chained Drupalgeddon2 with a Linux kernel vulnerability known as DirtyCOW.

SIMonline © 2020

All rights reserved