Nytro Posted August 21, 2015

Drupal 6.37 and 7.39 released, critical vulnerabilities addressed

Robert Abel, Content Coordinator

Open source content management (CMS) platform Drupal has issued security patches to address several critical vulnerabilities affecting Drupal 6 and 7.

According to the Wednesday advisory, versions of Drupal prior to 6.37 and 7.39 contain three vulnerabilities, including a cross-site scripting bug in the Autocomplete system, a cross-site request forgery bug in Form API, and an information disclosure flaw in Access system.

The cross-site forgery vulnerability located in Form API “could allow a malicious user to upload files to the site under another user's account,” the advisory said.

Vulnerable versions of Drupal 7 are affected by two additional issues, including a cross-site scripting bug in the Ajax system and a SQL injection vulnerability in Database API.

The SQL injection vulnerability can enable a “user with elevated permissions to inject malicious code in SQL comments,” the advisory said.

Source: Drupal 6.37 and 7.39 released, critical vulnerabilities addressed - SC Magazine