
Drupal Fixes A Major Software Defect Beneficial For Hackers


24-Nov-2020

Drupal, currently the fourth most commonly used content management system (CMS) platform on the Internet after WordPress, Shopify and Joomla, has fixed a critical software flaw that can allow hackers to gain full access to vulnerable websites.

According to reports, the Drupal team released security updates this week to fix the major vulnerability.

Tracked as CVE-2020-13671, the vulnerability is easy to exploit and relies on the "double extension" trick.

The report further explained that attackers can add a second extension to a malicious file, upload it to a Drupal site through open upload fields and have the malicious file executed.

The Drupal team said the CMS does not sanitise "certain" file names, allowing some malicious files to pass through.

This can lead to files being interpreted as having the incorrect extension and served as the wrong MIME type, or executed as PHP under certain hosting arrangements.
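An added example, not code from the article or from Drupal: a small Python audit that flags upload names carrying an executable extension before the visible one, the double-extension pattern described above. The extension list, function names and sample file names are assumptions constructed for illustration; a risky final extension is left to ordinary extension allow-listing.

```python
from pathlib import PurePosixPath

# Assumed (not from the article): extensions a web server may execute or
# render as active content. Adjust to the handlers your hosting maps.
RISKY_EXTENSIONS = {"php", "phtml", "phar", "pl", "py", "cgi", "asp", "js", "html", "htm"}


def inner_risky_extensions(filename):
    """Return risky extensions found anywhere except the final position."""
    # Keep only the base name so directory parts cannot hide the extensions.
    name = PurePosixPath(filename.replace("\\", "/")).name
    # Trailing dots and spaces are dropped by some filesystems; normalise first.
    parts = name.rstrip(". ").lower().split(".")
    if len(parts) < 3:  # "name.ext" or no extension: nothing hidden
        return []
    # parts[0] is the stem, parts[-1] the visible extension, the rest are inner.
    return [ext for ext in parts[1:-1] if ext in RISKY_EXTENSIONS]


def audit_uploads(filenames):
    """Map each suspicious file name to the inner extensions that flagged it."""
    findings = {}
    for filename in filenames:
        hits = inner_risky_extensions(filename)
        if hits:
            findings[filename] = hits
    return findings


# Constructed sample listing of an uploads directory (not real data).
SAMPLE_UPLOADS = [
    "report.pdf",
    "avatar.PHP.png",
    "notes.v2.txt",
    "gallery/banner.html.gif",
    "invoice.phar.txt.",
    "archive.tar.gz",
]

if __name__ == "__main__":
    for name, hits in audit_uploads(SAMPLE_UPLOADS).items():
        print(f"{name}: inner extension(s) {', '.join(hits)}")
```

Benign multi-dot names such as `notes.v2.txt` and `archive.tar.gz` are not flagged, because only inner parts that match the risky set count.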

Last month, cyber security researchers uncovered a massive botnet named KashmirBlack, run from Indonesia, that has hacked various websites running popular content management systems (CMSs), including WordPress, Drupal and Joomla, among others.

According to the US-based cyber security firm Imperva, the highly advanced botnet is believed to have infected hundreds of thousands of websites by attacking their underlying CMS platforms.

The botnet's primary purpose is to infect websites and then use their servers for cryptocurrency mining.

The hackers control the command-and-control (C&C) infrastructure that operates KashmirBlack from Indonesia.
