Drupal, currently the fourth most widely used content management system (CMS) platform on the Internet after WordPress, Shopify and Joomla, has fixed a critical software flaw that can allow hackers to gain full access over vulnerable websites.
Reports stated that the Drupal team released security updates this week to fix the vulnerability.
Tracked as CVE-2020-13671, the vulnerability is easy to exploit and relies on the "double extension" trick.
The report further explained that attackers can add a second extension to a malicious file, upload it to a Drupal site through open upload fields and have the malicious file executed.
The Drupal team said the CMS does not sanitise "certain" file names, allowing some malicious files to pass through.
This can lead to files being treated as the incorrect extension and served as the wrong MIME type, or executed as PHP under certain hosting arrangements.
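The filename check that this class of flaw calls for, as an added Python example (not Drupal's code and not part of the original report). The extension lists, function names and sample file names are assumptions chosen for illustration.

```python
import re

# Assumed list of extensions a web server may execute or render as active
# content; adjust it to the handlers configured on your own host.
DANGEROUS = {"php", "phtml", "phar", "php5", "pl", "py", "cgi", "asp", "js", "html", "htm"}
# Assumed allow-list for a hypothetical upload field.
ALLOWED_FINAL = {"txt", "jpg", "jpeg", "png", "gif", "pdf"}


def split_extensions(filename):
    """Return (base, [ext, ...]): every dot-separated suffix, lowercased."""
    # Drop any path, then trailing dots/spaces that some file systems strip silently.
    name = re.split(r"[\\/]", filename)[-1].rstrip(". ")
    parts = name.lstrip(".").split(".")  # a hidden file's leading dot is not a separator
    return parts[0], [p.strip().lower() for p in parts[1:]]


def check_upload_name(filename):
    """Classify an upload name as 'ok', 'reject-final' or 'reject-double'."""
    _, exts = split_extensions(filename)
    if not exts or exts[-1] not in ALLOWED_FINAL:
        return "reject-final"
    # Some server configurations pick a handler from any extension in the
    # name, so every extension is checked, not only the last one.
    if any(e in DANGEROUS for e in exts[:-1]):
        return "reject-double"
    return "ok"


def neutralize(filename):
    """Defuse inner extensions: shell.php.txt -> shell.php_.txt (extensions lowercased)."""
    base, exts = split_extensions(filename)
    inner = [e + "_" if e in DANGEROUS else e for e in exts[:-1]]
    return ".".join([base] + inner + exts[-1:])


def audit(names):
    """Return the names from an existing upload listing that need review."""
    return [n for n in names if check_upload_name(n) != "ok"]


# Constructed sample listing, not taken from any real site.
SAMPLE = ["photo.jpg", "shell.php.txt", "IMG.PHP.jpg", "report.v2.pdf", "notes.phtml"]

if __name__ == "__main__":
    for n in audit(SAMPLE):
        print(n, check_upload_name(n))
```

Running `audit` over a listing of an existing uploads directory flags files that were accepted before the update was applied.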
Last month, cyber security researchers exposed a massive botnet named KashmirBlack, run from Indonesia, that has hacked various websites running popular content management systems (CMSs), including WordPress, Drupal and Joomla, among others.
According to the US-based cyber security firm Imperva, the highly advanced botnet is believed to have infected hundreds of thousands of websites by attacking their underlying CMS platforms.
The botnet's main purpose is to infect websites and then use their servers for cryptocurrency mining.
The hackers control the command-and-control (C&C) infrastructure for operating KashmirBlack from Indonesia.