CMS platform Drupal has released security updates to patch the critical vulnerability called CVE-2020-13671. The vulnerability was easy to exploit and relied on “double extension” trick. The said vulnerability didn’t allow CMS to sanitise “certain” file names, letting malicious files to slip in. The situation could lead to “files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations”.

Click here to read the full story