Drupal vulnerabilities leave millions of websites in danger

Drupal has warned its users that its websites are in danger if they do not update in time to the latest version published last October 15th.

Automatic attacks that compromise webs created with Drupal 7, which were not updated to the 7.32 version, began a few hours after the patch was published.

Drupal is a software package of open source that provides a content management system (CMS) for websites. It is third in the market regarding popularity behind WordPress and Joomla and it is believed that this serious vulnerability of injection of the SQL code has compromised 12 million websites.

Curiously the last update Drupal 7.32 corrected this type of vulnerabilities. They explain that the problem is that it is no longer valid to update these compromised sites; something has happened through “automatic attacks” seven hours after the patch was published.

Source: http://noticias.seguridadpc.net/?p=10130

English