Leading content management service (CMS) platform Drupal has released security updates to patch a critical vulnerability that is easy to exploit and can let hackers take full control over the vulnerable sites.
Drupal is currently the fourth most used CMS platform on the internet after WordPress, Joomla, and Shopify. The company gave a critical rating to vulnerability.
The vulnerability – CVE-2020-13671- is easy to exploit and relies on the double extension trick. Attackers can add a second extension to a malicious file, upload it on a Drupal site through open upload fields, and have it executed.