Security News > 2019 > February > Highly critical Drupal RCE flaw could lead to new Drupalgeddon, patch now!
2019-02-21 11:48
A new Drupalgeddon might be brewing: a highly critical vulnerability affecting all versions of the popular content management framework could allow hackers to take over vulnerable Drupal installations and the websites running on them. About the vulnerability (CVE-2019-6340) The remote execution flaw exists because some field types do not properly sanitize data from non-form sources and this can be exploited to achieve arbitrary PHP code execution. It is deemed highly critical because it can be … More → The post Highly critical Drupal RCE flaw could lead to new Drupalgeddon, patch now! appeared first on Help Net Security.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/420uZ8ptCDk/
Related news
- Apache issues patches for critical Struts 2 RCE bug (source)
- BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products (source)
- Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected (source)
- Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now (source)
- Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)
- Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation (source)
- SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation (source)
- Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug in Meeting Management (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-21 | CVE-2019-6340 | Deserialization of Untrusted Data vulnerability in Drupal Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. | 8.1 |