Security News > 2017 > June > Drupal Patches Flaw Exploited in Spam Campaigns (Security Week)

Drupal Patches Flaw Exploited in Spam Campaigns (Security Week)
2017-06-22 08:53

Drupal security updates released on Wednesday address several vulnerabilities, including one that has been exploited in spam campaigns. The flaw exploited in the wild, patched with the release of Drupal versions 7.56 and 8.3.4, is a moderately critical access bypass vulnerability tracked as CVE-2017-6922. read more


News URL

http://feedproxy.google.com/~r/Securityweek/~3/pRyFf5gxdxg/drupal-patches-flaw-exploited-spam-campaigns

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2019-01-22 CVE-2017-6922 Files or Directories Accessible to External Parties vulnerability in multiple products
In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56; Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users.
network
low complexity
drupal debian CWE-552
6.5
6.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Drupal 135 209 504 90 16 819