Drupal fixes three vulnerabilities, including one RCE

2020-06-19 10:45

Drupal's security team has fixed three vulnerabilities in the popular content management system's core, one of which could be exploited to achieve remote code execution.

Drupal is a free and open-source web content management system, and over a million sites run on various versions of it.

Both of these flaws affect Drupal versions 8.8.x, 8.9.x and 9.0.x. The third one - CVE-2020-13663 - also affects Drupal 7.x, the most widely used Drupal version.

Admins of Drupal-based sites are advised to upgrade to Drupal v7.72, 8.8.8, 8.9.1 or 9.0.1.

Versions of Drupal 8 prior to 8.8.x are end-of-life and do not receive security coverage.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/AYJYJ2vXt6A/

#drupal #RCE #vulnerabilities #CVE-2020-13663

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2021-06-11	CVE-2020-13663	Cross-Site Request Forgery (CSRF) vulnerability in Drupal Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities. network drupal CWE-352	6.8

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Drupal		135	209	504	90	16	819

News URL

Related news

Related Vulnerability

Related vendor