Submission + - Drupal Warns Users of Mass, Automated Attacks on Critical Flaw
Trailrunner7 writes: The maintainers of the Drupal content management system are warning users that any site owners who haven’t patched a critical vulnerability in Drupal Core disclosed earlier this month should consider their sites to be compromised.
The vulnerability, which became public on Oct. 15, is a SQL injection flaw in a Drupal module that’s designed specifically to help prevent SQL injection attacks. Shortly after the disclosure of the vulnerability, attackers began exploiting it using automated attacks. One of the factors that makes this vulnerability so problematic is that it allows an attacker to compromise a target site without needing an account and there may be no trace of the attack afterward.
The vulnerability, which became public on Oct. 15, is a SQL injection flaw in a Drupal module that’s designed specifically to help prevent SQL injection attacks. Shortly after the disclosure of the vulnerability, attackers began exploiting it using automated attacks. One of the factors that makes this vulnerability so problematic is that it allows an attacker to compromise a target site without needing an account and there may be no trace of the attack afterward.