Drupal is an open source CMS that powers around 3% of websites online. Though a little behind in terms of market share, it is generally praised for being relatively secure when compared with other major eCommerce CMS like WordPress, Magento, Joomla, etc. Statistics in 2018 revealed that only 11% of the total vulnerabilities reported that year came from Drupal, far below WordPress and Joomla's numbers.

Even though it's safer than its competitors, Drupal falls prey to multiple vulnerabilities every year. In 2019, Drupal released advisories associated with 12 vulnerabilities. Almost 50% of these were labeled as highly critical by the platform. Most of the vulnerabilities observed in Drupal are cross-site scripting, remote code execution, and SQL injection vulnerabilities.

In this guide, we will discuss all the best practices for Drupal security, so that you can shield your Drupal website from web security threats.

The Most Critical Drupal Vulnerabilities you should be aware of

Fixes for Drupal Security and Vulnerabilities

The Most Critical Drupal Vulnerabilities you should be Aware of

Dating back to 2014, the 'Drupalgeddon' was an SQL vulnerability that shook the entire platform. The Drupal 7 database API abstraction layer contained loopholes that rendered it vulnerable to SQL injection attacks. Versions prior to Drupal 7.3.2 were affected. Drupal's advisory labeled this vulnerability as highly critical, with a risk score of 25/25. The vulnerability paved the way for arbitrary SQL execution, and depending on the content of requests, it led to privilege escalation, arbitrary PHP execution, and other attacks.

In 2018, Drupalgeddon 1 and Drupalgeddon 2 also hit the platform, and both exposed a Remote Code Execution vulnerability. Drupal immediately released advisories and remedial methods.

In an XSS attack, hackers misuse loopholes and gaps within an application to insert malicious code or scripts into its web pages.