Drupal 7 Content Management System provided by JumpBox
JumpBox Inc. | jb v1.8.2 app v7.22Linux/Unix, Ubuntu 10.0.4 - 32-bit Amazon Machine Image (AMI)
Highly critical security flaw in Drupal 7 pre version 7.32
"A malicious user can inject arbitrary SQL queries and thereby control the complete Drupal site." Security advisory note from SektionEins
This issue was given prominent coverage in the media, so it's really surprising that this AMI has not been updated. Even the BBC covered the story:
Millions of websites hit by Drupal hack attack
http://www.bbc.com/news/technology-29846539
The issue has been resolved in Drupal 7.32.
See the full advisory note:
https://www.sektioneins.de/en/advisories/advisory-012014-drupal-pre-auth-sql-injection-vulnerability.html
- Leave a Comment |
- Mark review as helpful
showing 1 - 1