Although there are countless benefits to content management systems, they also have a few downsides.
Recently, this disadvantage became evident when headlines surfaced that a popular CMS called Drupal had a vulnerability that could make it possible for as many as one million websites to be attacked by hackers and cybercriminals if the security loophole wasn’t patched.
Drupal labeled the threat as “highly critical” since hackers would have the ability to fully take over a website if they were able to gain entry. Drupal 6.x, Drupal 7.x, and Drupal 8.x, specifically, are vulnerable.
This weakness was discovered by developer Jasper Mattsson during a routine exam of the CMS’ security. While Drupal didn’t go into specifics about what the vulnerability was they did allude to the fact that hackers have the ability to breach Drupal sites.
According to Drupal, the following components are included in the vulnerability:
- Accessed data can be deleted or modified
- Default configurations
- Non-public data can be breached
Within hours after Drupal announced the security threat, online hackers began actively assaulting the platform in an attempt to exploit the flaw.
According to Dark Reading:
“The speed at which malicious attackers recently exploited a remote code execution flaw in the Drupal content management system (CMS) should serve as fresh warning about the need for organizations to test processes for quickly responding to vulnerability disclosures.”
If you have an account with Drupal, visit the CMS’s website to read more about the security threat warnings and how to fix the vulnerabilities.