(originally published 11/29/2014)
The team that maintains the open source Drupal platform has issued a warning regarding the SQL injection vulnerability that was first disclosed a couple of weeks ago: users of the Drupal 7 platform should assume that their website has been hacked if they hadn’t patched it within about 7 hours of the announcement and patch release.
They say so because attacks targeting the vulnerability began springing up shortly after the initial announcement was made on October 15th, and incidents exploiting that vulnerability have been in coo
Drupal is a popular open source content management system, with a user community in excess of 1 million users and 31,000 developers. Drupal is based primarily on PHP, and works with a range of database servers, such as MySQL, MongoDB, MS SQL Server, and PostgreSQL, among others.
Ironically, the vulnerability, which if exploited allows SQL injection attacks, was uncovered in a module that was designed to prevent SQL injection attacks. Paging Dr. Irony to the ER.