Drupal Warns of New Remote-Code Bug, the Second in Four Weeks (arstechnica.com)

Posted by msmash on Wednesday April 25, 2018 @08:00AM from the dispatch dept.

For the second time in a month, websites that use the Drupal content management system are confronted with a stark choice: install a critical update or risk having your servers infected with ransomware or other nasties. From a report: Maintainers of the open-source CMS built on the PHP programming language released an update patching critical remote-code vulnerability on Wednesday. The bug, formally indexed as CVE-2018-7602, exists within multiple subsystems of Drupal 7.x and 8.x. Drupal maintainers didn't provide details on how the vulnerability can be exploited other than to say attacks work remotely. The maintainers rated the vulnerability "critical" and urged websites to patch it as soon as possible.

3 of 50 comments (clear)

Min score:

Reason:

Sort:

A new twist on term 'open source' by TheZeitgeist · 2018-04-25 08:11 · Score: 5, Funny

Apparently, the source is open more ways than one.
How outrageous by Billly+Gates · 2018-04-25 08:18 · Score: 4, Funny

Drupal and php are so well secured and up to date that this can happen is simply inconceivable

--
http://saveie6.com/
1. Re:How outrageous by Narcocide · 2018-04-25 08:35 · Score: 3, Funny
  
  Drupal and php are so well secured and up to date that this can happen is simply inconceivable
  You keep using that word... I do not think it means what you think it means.