Drupal fixes three vulnerabilities, including one RCE
Drupal's security team has fixed three vulnerabilities in the popular content management system's core, one of which could be exploited to achieve remote code execution.
Drupal is a free and open-source web content management system, and over a million sites run on various versions of it.
Two of the three flaws affect Drupal versions 8.8.x, 8.9.x and 9.0.x. The third one, CVE-2020-13663, also affects Drupal 7.x, the most widely used Drupal version.
Admins of Drupal-based sites are advised to upgrade to Drupal v7.72, 8.8.8, 8.9.1 or 9.0.1.
Versions of Drupal 8 prior to 8.8.x are end-of-life and do not receive security coverage.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/AYJYJ2vXt6A/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-11 | CVE-2020-13663 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal. Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities. | 8.8 |