Drupal SQL Injection Vulnerability leaves Millions of Websites Open to Hackers
Nov 03, 2014
One of the most popular content management systems, Drupal , is warning its users to consider their websites as compromised unless their sites were updated immediately with a security patch released on 15 October 2014. Drupal is an open source software package which provides a Content management system (CMS) for websites including MTV, Popular Science, Sony Music, Harvard and MIT. Drupal is used to power roughly 1 billion websites on Internet, which puts Drupal in third place behind the juggernaut Wordpress and then Joomla. Drupal's security team has released a " public service announcement " on Wednesday for its users to warn them of the SQL injection attack revealed two weeks ago, compromising almost 12 million of the widely used Drupal 7 websites. Users are asked to immediately update their websites to Drupal 7.32 within seven hours of the announcement of the vulnerability. " Automated attacks began compromising Drupal 7 websites that were not patched ...
