Skip to main content

Drupal Remote Code Execution Vulnerabilities

Last Update Date: 30 Nov 2020 10:04 Release Date: 30 Nov 2020 4974 Views

RISK: Medium Risk

TYPE: Servers - Internet App Servers

TYPE: Internet App Servers

Multiple vulnerabilities were identified in Drupal, a remote user could exploit some of these vulnerabilities to trigger remote code execution on the targeted system.


Impact

  • Remote Code Execution

System / Technologies affected

  • Drupal 7
  • Drupal 8.8 or earlier
  • Drupal 8.9
  • Drupal 9.0

Solutions

Before installation of the software, please visit the vendor web-site for more details.

  • Drupal 7: Update to Drupal 7.75
  • Drupal 8.8 or earlier: Update to Drupal 8.8.12
  • Drupal 8.9: Update to Drupal 8.9.10
  • Drupal 9.0: Update to Drupal 9.0.9

Vulnerability Identifier


Source


Related Link