Web Hosting Community Forum for Webmasters - Web hosting Forum
Web Hosting Main Forums => Hosting Security and Technology => Vulnerabilities => Topic started by: Kailash on March 20, 2015, 11:07:23 PM
Drupal has released an update to address two critical vulnerabilities present in all version prior to 6.35 and 7.35. The vulnerabilities were as follow:
- Access bypass (Password reset URLs – Drupal 6 and 7)
- Open redirect (Several vectors including the "destination" URL parameter – Drupal 6 and 7)
For complete description of this vulnerabilities, kindly refer Drupal security advisories (http://news.webhostingdiscussion.net/drupal-patches-allowed-hackers-to-forge-password-reset-urls.htm).
If you are using Drupal, it is highly recommended that you upgrade to version 6.35 (if you are using 6.x version) or 7.35 (if you are using Drupal 7.x version).
- Kailash