Drupal fixes critical bug allowing hackers to access websites

By Binu MathewNovember 23, 2020

New Delhi: Drupal, which is currently the fourth most used content management service (CMS) platform on Internet after WordPress, Shopify and Joomla, has fixed a critical bug that could allow hackers to gain full access over vulnerable websites.

The Drupal team this week released security updates to patch the critical vulnerability, reports ZDNet.

Tracked as CVE-2020-13671, the vulnerability is easy to exploit and relies on “double extension” trick.

“Attackers can add a second extension to a malicious file, upload it on a Drupal site through open upload fields, and have the malicious executed,” the report said on Saturday.

The Drupal team said the vulnerability the CMS does not sanitise “certain” file names, allowing some malicious files to slip through.

Drupal fixes critical bug allowing hackers to access websites

More in IT

China tech giant Alibaba posts modest yearly revenue growth

Amazon replaces cloud unit chief Adam Selipsky with veteran Matt Garman

AI spending in India may triple to $5 billion by 2027: report

Must Read Articles

Poor Show

Zomato & Swiggy

Regulating Big Tech

Interview with Preetham Uthaiah, EVP – Marketing & Strategy Saankhya Labs

DoT launches portal for centralised RoW approvals

NCAER Working Paper

Real-Time-Bidding of your Data

DoT to get 33 pc stake of Vi for Rs 16,133 cr interest dues

National Data Governance Framework

BSNL 4G

Archives

You may also like

More in IT

Must Read Articles

Archives