Security News > 2019 > February > Hackers Actively Exploiting Latest Drupal RCE Flaw Published This Week
2019-02-26 12:48
Cybercriminals have actively started exploiting an already patched security vulnerability in the wild to install cryptocurrency miners on vulnerable Drupal websites that have not yet applied patches and are still vulnerable. Last week, developers of the popular open-source content management system Drupal patched a critical remote code execution (RCE) vulnerability (CVE-2019-6340) in Drupal
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/K7g8FhHI_WM/drupal-hacking-exploit.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-02-21 | CVE-2019-6340 | Deserialization of Untrusted Data vulnerability in Drupal Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. | 6.8 |