Drupal is calling on its users to patch a dangerous remote code execution hole that can let attackers easily hijack sites. The content management system has some 15 million downloads, compared to WordPress on 140 million and Joomla with 30 million, but is used on big ticket and business sites including nine percent of the world’s 10,000 most popular sites. The remote code execution hole lies in Drupal modules used by about 14,000 websites. “The modules contains a remote code execution which could allow an attacker to completely take over the site using some specially crafted requests,” say Drupal security wonks.
View full story
ORIGINAL SOURCE: The Register
