Drupal Security Advisories
This module enables you to automatically sort and rename your uploaded files using token based replacement patterns to maintain a nice clean filesystem.
The module doesn't sufficiently sanitize the path while a new file is uploading, allowing a remote attacker to...
This module enables you to add or overwrite PHP configuration on a Drupal website.
The module doesn't sufficiently allow access to set these configurations, leading to arbitrary PHP configuration execution by an attacker.
- Advisory ID: SA-CORE-2018-005
- Project: Drupal core
- Version: 8.x
- CVE: CVE-2018-14773
- Date: 2018-August-01
The Drupal project uses the Symfony library. The Symfony library has released a security update that impacts Drupal. Refer to the Symfony security advisory for the issue.
The same vulnerability also exists in the Zend Feed and Diactoros libraries included in Drupal core; however, Drupal core does not use the...
This article features links and information from the Peerless design Security presentation given at various Drupal Camps in the Eastern US. Audio from New Jersey's impromptu presentation can be found on the Drupal Camp NJ site for 2014. The PDF version contains all info removed to accommodate time constraints. The entire presentation is available as a white paper here.
Drupal Weekly Drop
It is 2018 and we are still talking about digital transformation? Wasn’t that finished and done ten or fifteen years ago? Not completely. Based on the study from Grand View Research, the global digital transformation market size was valued at $177.27 billion in 2017 and is expected to reach...
Attackers are exploiting the critical Drupalgeddon 2 vulnerability in Drupal to compromise systems and secretly turn them into cryptocurrency mining machines, using cryptojacking malware to mine for Monero.
The only side effect a victim might notice is that their system is running slower or doing more work than usual.