March 22, 2023

Drupal has released four patches addressing vulnerabilities. One of them has been rated critical and the other three moderately critical.

The critical vulnerability, tracked as CVE-2022-25277, affects Drupal 9.3 and 9.4 impacting Drupal core and it can lead to arbitrary PHP code execution on Apache web servers by uploading specially crafted files.

Advertisements

Apache web servers are impacted and only with specific configurations. They have advised website admins to check their server for possible signs of compromise.

The three other issues impact the Drupal core. Their exploitation can lead to cross-site scripting attacks, information disclosure, or access bypass.

Patches for these vulnerabilities are included in Drupal 9.4.3 and 9.3.19. The information disclosure flaw also impacts Drupal 7 and a fix has been included in version 7.91.

The US CISA has advised Drupal users to review the advisories and install the updates.

Tags:

Leave a Reply

You may have missed

Mandiant Report – Nation State Zero Day Exploits in 2022

Mandiant Report – Nation State Zero Day Exploits in 2022

March 22, 2023
Mispadu Banking Trojan

Mispadu Banking Trojan

March 22, 2023
DotRunpeX – Malware Injector Spreads in Wild

DotRunpeX – Malware Injector Spreads in Wild

March 21, 2023
Killnet Targets Healthcare Azure Resources

Killnet Targets Healthcare Azure Resources

March 21, 2023
NBA suffers a Data Breach – Third Party Provider Data Stolen

NBA suffers a Data Breach – Third Party Provider Data Stolen

March 21, 2023
Ferrari – Cyber Attack Ransom Demanded

Ferrari – Cyber Attack Ransom Demanded

March 21, 2023
%d bloggers like this: