Drupal fixes critical bug allowing hackers to access websites

Friday, 24 March, 2023

Drupal fixes critical bug allowing hackers to access websites

<p>CMS platform Drupal has released security updates to patch the critical vulnerability called CVE-2020-13671. The vulnerability was easy to exploit and relied on "double extension" trick. The said vulnerability didn't allow CMS to sanitise "certain" file names, letting malicious files to slip in. The situation could lead to "files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations".</p>

Read full story at Infotech Lead

Tags:

Categories

Drupal fixes critical bug allowing hackers to access websites

Also Read

Leaked Black Basta Chat Logs Reveal Ransomware Gang's Inner Workings

Apple Removes iCloud End-to-End Encryption for UK Users Following Government Demand

Global Security Concerns Lead Nations to Restrict DeepSeek AI App Usage

CISA Election Security Officials Placed on Leave Amid Internal Review

Cisco Hacked: Cyberattack Exposes Sensitive Data Amid Security Breach

XE Hacker Group Exploits VeraCore Zero-Day Vulnerability for Cyber Attacks

Hackers Exploit Google Tag Manager To Inject Malicious Code, Steal Data

LLM Hijackers Target DeepSeek V3 Model, Raising AI Security Concerns

Australia Bans DeepSeek AI on Government Devices Over Security Concerns

Subscribe To Our Newsletter.