Home » News » Security Updates Released by Druple

Dated: June 19, 2015

Description
Druple, the famous free and open source content management framework used by 2.1% of websites worldwide, has released updates to patch several critical vulnerabilities.
– One vulnerability allows users an attacker to log in as other users on the site, including administrators
– Another vulnerability can allow an attacker to construct a URL and redirect users there using Social Engineering
– One vulnerability does not validate URLs prior to displaying their contents

Affected Versions
– Drupal core 6.x versions prior to 6.36
– Drupal core 7.x versions prior to 7.38

Recommendation
NUST CSIRT encourage users and Web admins to install the following latest versions:
– If using Drupal 6.x, upgrade to Drupal core 6.36
– If using Drupal 7.x, upgrade to Drupal core 7.38

References
[1]. https://www.drupal.org/SA-CORE-2015-002