Wednesday, October 29, 2014
Sites using Drupal content management could be compromised by SQL injection vulnerability unless they applied patch immediately
A major content management system vendor was apparently hacked, and customers have been warned that unless they patched their systems within seven hours of the discovery of a vulnerability to an SQL injection attack. Restoration would require going to database backups as of Oct. 15. This would be very costly for some operations, perhaps news sites.
The content company is Drupal. I’m not aware that any of my stuff uses it. Also, I don’t keep ANY consumer or user personal information on any sites. I hope there are no ties to Blogger or Wordpress; I don’t think there is. (Wordpress uses simply MySQL, I think.)