Good news ! Hackbusters community is waiting for you !  https://discuss.hackbusters.com
KnowBe4 has been running the HackBusters site for a few years now, providing you with trending IT security news. We are expanding it and have launched a new exciting online community! The forum is divided into four main topics or categories: Social Engineering, Ransomware, Phishing and Security Awareness Training. You are invited to be one of the first to join us at: https://discuss.hackbusters.com.

Drupal dev team fixed Remote Code Execution flaws in the popular CMS

Drupal
The Drupal development team has patched several vulnerabilities in version 7 and 8 of the popular CMS, including RCE flaws.

The development team of the Drupal content management system addressed several vulnerabilities inversion 7 and 8, includingsome flaws that could be exploited for remote code execution.

Drupal team fixed a critical vulnerability that resides in the Contextual Links module, that fails to properly validate requested contextual links. The flaw could be exploited by an attacker with an account with the “access contextual links” permission for a remote code execution,

“The Contextual Links module doesn’t sufficiently validate the requested contextual links.” reads the security advisory.
“This vulnerability is mitigated by the fact that an attacker must have a role with the permission “access contextual links”.”

Another critical vulnerability fixed by the development team is an injection issue that resides in theDefaultMailSystem::mail()function. The root...(continued)

View All Trending Stories