Drupal Fixes Highly Critical SQL Injection Flaw

Stephen66515:
Drupal has patched a critical SQL injection vulnerability in version 7.x of the content management system that can allow arbitrary code execution. The flaw lies in an API that is specifically designed to help prevent SQL injection attacks. "Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks," the Drupal advisory says. "A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. Depending on the content of the requests this can lead to privilege escalation, arbitrary PHP execution, or other attacks."
--- End quote ---

http://it-beta.slashdot.org/story/14/10/15/2048218/drupal-fixes-highly-critical-sql-injection-flaw
