Hackers could attack 1 million websites in a content management system flaw

A vulnerability discovered in a popular content management system could leave nearly 1 million websites open to attack if left unpatched. The developers behind the content management system, Drupal, label the issue as “highly critical” because the vulnerability can be exploited through various attack points and could grant hackers complete control of a website. The vulnerability exists within Drupal 6.x, Drupal 7.x, and Drupal 8.x.

A content management system is the backbone of a website. It’s a database that stores and manages all digital input, including articles, images, photos, and more. Most content management system layouts provide a friendly interface for inserting content along with the necessary search engine optimization fields to get the resulting webpage noticed on Google, Yahoo, Bing, and so on.

Drupal is just one of many content management systems to manage pages and media across a website. A few other systems include WordPress, Joomla, and Kentico while many websites simply rely on an in-house content management system for the highest level of customization and security.  

Jasper Mattsson of development house Druid found the vulnerability in Drupal, dubbed SA-CORE-2018-002, as part of Drupal’s routine security examination. The Drupal team doesn’t go into specifics, stating only that hackers could compromise a Drupal-based site. So far, there is no known exploit that takes advantage of this vulnerability, so site-based sabotage is merely theoretical for now.

Based on the company’s in-house scoring system, here is what the vulnerability covers: 

  • All non-public data is accessible
  • All data can be modified or deleted
  • Default or common module configurations are exploitable, but a config change can disable the exploit 

“Note on the last point that while a configuration change can theoretically mitigate the issue, it would have to be a drastic configuration change,” the Drupal team states. “The Security Team strongly recommends that the best solution is for sites to upgrade.” 

Finally, here is Drupal’s update schedule to fix the vulnerability:

| Version | Status | Solution |
|---|---|---|
| Drupal 6.x | End of Life | Contact a D6LTS vendor |
| Drupal 7.x | Active | Upgrade to Drupal 7.58 or install this patch. |
| Drupal 8.3.x | Not supported | Upgrade to Drupal 8.3.9 or install this patch. |
| Drupal 8.4.x | Not supported | Upgrade to Drupal 8.4.6 or install this patch. |
| Drupal 8.5.x | Active | Upgrade to Drupal 8.5.1 or install this patch. |

“Drupal 8.3.x and 8.4.x are no longer supported and we don’t normally provide security releases for unsupported minor releases,” the team adds. “However, given the potential severity of this issue, we are providing 8.3.x and 8.4.x releases that includes the fix for sites which have not yet had a chance to update to 8.5.0.”
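The update schedule above can be applied to a list of sites to see which ones still need the fix. This is an added example, not code from Drupal or from the original article; the function names and the sample inventory are constructed for illustration.

```python
import re

# Fixed release per branch, copied from the update schedule above.
FIXED = {(7,): (7, 58), (8, 3): (8, 3, 9), (8, 4): (8, 4, 6), (8, 5): (8, 5, 1)}

# Constructed sample inventory (hypothetical host names and versions).
SAMPLE_INVENTORY = {
    "www.example.test": "7.57",
    "shop.example.test": "8.5.1",
    "old.example.test": "6.38",
    "blog.example.test": "8.4.5",
}


def parse_version(text):
    """Parse '7.57', '8.4.5' or '8.5.1-rc1' into (tuple of ints, is_prerelease)."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(-[0-9A-Za-z.]+)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised Drupal version: {text!r}")
    nums = tuple(int(g) for g in m.group(1, 2, 3) if g is not None)
    return nums, m.group(4) is not None


def triage(version):
    """Return (status, advice) for one installed Drupal core version string."""
    nums, prerelease = parse_version(version)
    major = nums[0]
    if major == 6:
        return "vulnerable", "End of Life: contact a D6LTS vendor"
    if major == 8 and nums[:2] < (8, 3):
        return "vulnerable", "no fix listed for this branch; move to a listed release"
    fixed = FIXED.get((7,) if major == 7 else nums[:2])
    if fixed is None:
        return "unknown", "branch not in the schedule; check the advisory"
    # A pre-release of the fixed version (e.g. 8.5.1-rc1) precedes the final release.
    if nums > fixed or (nums == fixed and not prerelease):
        return "patched", "at or above " + ".".join(map(str, fixed))
    return "vulnerable", "upgrade to " + ".".join(map(str, fixed))


def needs_action(inventory):
    """Return {site: advice} for every site not confirmed patched by version."""
    return {s: triage(v)[1] for s, v in inventory.items() if triage(v)[0] != "patched"}


if __name__ == "__main__":
    for site, advice in needs_action(SAMPLE_INVENTORY).items():
        print(f"{site}: {advice}")
```

A site that installed the patch instead of upgrading still reports its old version number, so a "vulnerable" result for such a site means the patch has to be confirmed by hand.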

According to BuiltWith, 37 percent of the websites using a content management system rely on WordPress followed by Drupal at nine percent and Google’s Search Appliance at three percent. The stats also show that Drupal powers 928,443 sites while WordPress backs 19,883,677 websites, or 5.3 percent of the entire internet, as of April 2.

Kevin Parrish
Former Digital Trends Contributor