Drupal, currently the fourth most used content management service (CMS) platform, has released out-of-band security updates for some critical code execution flaws – CVE-2020-28948, CVE-2020-28949 – in Drupal core. Exploiting these vulnerabilities will allow code execution attacks.
These updates are critical as Drupal has confirmed the existence of the known exploits for one of the core’s dependencies.
Read More: Ransomware Surge – How Enterprises can successfully Augment their Cyber Resilience
It is the second time in a week that the Drupal core has received security updates – the earlier ones fixed a code execution vulnerability (CVE-2020-13671) that could have been triggered by malicious files with a double extension.
Source: helpnetsecurity