If you haven’t recently updated your Drupal-based blog or business website to the latest available versions, it’s the time.
Drupal development team yesterday released important security updates for its widely used open-source content management software that addresses a critical and three “moderately critical” vulnerabilities in its core system.
Considering that Drupal-powered websites are among the all-time favorite targets for hackers, the website administrators are highly recommended to install the latest release Drupal 7.69, 8.7.11, or 8.8.1 to prevent remote hackers from compromising web servers.
Critical Symlinks Vulnerability in Drupal
The only advisory with critical severity includes patches for multiple vulnerabilities in a third-party library, called ‘Archive_Tar,’ that Drupal Core uses for creating, listing, extracting, and adding files to tar archives.
The vulnerability resides in the way the affected library untar archives with symlinks, which, if exploited, could allow an attacker to overwrite sensitive files on a targeted server by uploading a maliciously crafted tar file.
Due to this, to be noted, the flaw only affects Drupal websites that are configured to…
http://feedproxy.google.com/~r/TheHackersNews/~3/cUqypTmC5Zw/drupal-website-hacking.html