Three days, five different Drupal vulnerabilities
September 18th, 2008
In the world of security a lot can happen in three days. Lets take the popular web content management system Drupal. Over the past three days both Secunia and Security Focus have published a total of five Drupal vulnerabilities. Although These advisories have all been patched in the latest release of Drupal, many companies and organizations on the web rely on Drupal to handle their day to day business, but how many of them keep their installation up to date? Cross Site Scripting or HTML Injection, SQL Injection and security bypasses are just the attack vectors targeted in these five Drupal vulnerabilities.
Drupal XSS / HTML Injection
http://www.securityfocus.com/bid/31146
http://www.securityfocus.com/bid/31224
Drupal Script Insertiaion
http://secunia.com/Advisories/31889/
Drupal SQL Injection
http://secunia.com/Advisories/31877/
Drupal Talk Module Script Insertion and Security Bypass
http://secunia.com/Advisories/31908/
Entry Filed under: Vulnerabilities, Web Application Security
Trackback this post