Highly critical vulnerabilities allowing remote code execution in Drupal

Submitted by dryer on Wed, 07/13/2016 - 06:17
drupal is the key

Drupal is a popular open source content management system (CMS) that is used by hundreds of thousands of websites. Drupal relies heavily on third party modules to extend functionality. On July 13th 2016 a number of critical patches will be released to modules that are often used with Drupal to expand functionality in the following modules:

As any popular software, Drupal has had it's share of security issues, including Drupalgeddon which lead to the Panama Papers leak. In the case of Drupalgeddon the exposed systems were exploited within hours, so it is expected that this will be repeated in this case. Estimates are that around 1000 to 10000 sites are affected by the vulnerabilities. This is why developers need to be prepared for upgrading their as soon as possible

It should be underlined that the vulnerability is not in Drupal itself, but a number of 3rd party extensions. Details for patches for PSA-2016-001 will are available in the standard security section of Drupal.org: https://www.drupal.org/security/contrib