Drupal fixes three vulnerabilities, including one RCE
2020-06-19 10:45

Drupal's security team has fixed three vulnerabilities in the popular content management system's core, one of which could be exploited to achieve remote code execution.

Drupal is a free and open-source web content management system, and over a million sites run on various versions of it.

Both of these flaws affect Drupal versions 8.8.x, 8.9.x and 9.0.x. The third one - CVE-2020-13663 - also affects Drupal 7.x, the most widely used Drupal version.

Admins of Drupal-based sites are advised to upgrade to Drupal v7.72, 8.8.8, 8.9.1 or 9.0.1.

Versions of Drupal 8 prior to 8.8.x are end-of-life and do not receive security coverage.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/AYJYJ2vXt6A/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-11 | CVE-2020-13663 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal | 8.8 |

Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities.

network, low complexity, drupal, CWE-352

Related vendor

| VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|
| Drupal | | 15 | 0 | 66 | 45 | 14 | 125 |