Wednesday, October 29, 2014

Sites using Drupal content management could be compromised by SQL injection vulnerability unless they applied patch immediately

A major content management system vendor was apparently hacked, and customers have been warned that unless they patched their systems within seven hours of the discovery of a vulnerability to an SQL injection attack. Restoration would require going to database backups as of Oct. 15.  This would be very costly for some operations, perhaps news sites. 
The content company is Drupal.  I’m not aware that any of my stuff uses it.  Also, I don’t keep ANY consumer or user personal information on any sites.  I hope there are no ties to Blogger or Wordpress;  I don’t think there is.  (Wordpress uses simply MySQL, I think.) 
The detailed news story is on zdnet, link here.   Drupal’s own announcement is here
Webroot tweeted this story today a short time ago.  This was the first I had heard of it.

No comments: