[SingCERT] Alert on Drupal Critical Vulnerabilities
24 October 2018
Drupal is content management software used by numerous companies around the world to manage content and host websites. Over one million sites use Drupal, including popular websites such as NBC, Fox, The Economist, Twitter, and Pinterest.
Drupal has announced security patches for five vulnerabilities, including two critical vulnerabilities. The first critical vulnerability allows attackers to inject commands into the default mail function, which could lead to remote code execution. The second critical vulnerability involves insufficient validation in the Contextual Links module, which could also result in remote code execution.