Security Fixes for CMS Software

Friday, January 17, 2014 @ 12:01 PM gHale

Drupal 7.26 and 6.30 have been released, and the new versions contain only security fixes rather than new features.

A highly critical vulnerability was found in Drupal’s OpenID module. An attacker could exploit it to impersonate other users on the website, including administrators, and take over their accounts.

The attack only works if the victim has an account with an associated OpenID identity, and if the attacker has an account or is able to create one.

Another flaw, an access bypass issue, could allow an attacker to gain access to content that has not yet been published, or content that users have no permission to see. This vulnerability is moderately critical.

Drupal 7.26 and 6.30 also come with some security improvements to the form API.
