Drupal patches multiple vulnerabilities in versions 6 and 7

The security team for open source content management system (CMS) Drupal has released an advisory that details vulnerabilities affecting versions 6 and 7 of the platform and directs users to updated versions of the software.

According to the Wednesday advisory, the CMS was vulnerable to one “critical” vulnerability in its OpenID module that “allows a malicious user to log in as other users on the site, including administrators, and hijack their accounts.”

While the vulnerability allowing user “impersonation” affected Drupal versions 6 and 7, three other “less critical” bugs impacting Drupal 7 were also addressed with the updates: two open redirect flaws and an information disclosure vulnerability. Drupal 6 users can upgrade to Drupal core 6.36, while Drupal 7 users can install Drupal core 7.38, the advisory said.