Drupal Data Manipulation vulnerability

Last Update Date: 12 Oct 2016 10:18 Release Date: 12 Oct 2016 3514 Views

RISK: High Risk

High Risk

TYPE: Servers - Other Servers

TYPE: Other Servers

A vulnerability was identified on Drupal, a remote attacker can exploit this vulnerability to upload file to the targeted system. The uploaded file will be publicly accessible.

Impact

  • Data Manipulation

System / Technologies affected

  • Version: 7.x, 8.x

Solutions

Note: No patch is currently available.

 

Workaround:

1. Configure anonymous can only upload files to the private file system.
2. Ensure cron is properly running on the site.
3. Only authenticated user can upload content.
4. Audit your public file system periodically.

Vulnerability Identifier

  • No CVE information is available

Source

Related Link

Share with

Previous

Cisco IOS, IOS XE and IOS XR IKEv1 Vulnerability

19 Sep 2016 4090 Views

Next

Adobe Monthly Security Update (Oct 2016)

12 Oct 2016 3557 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY