On February 20, 2019, the Drupal security team has announced a highly critical remote code execution vulnerability in Drupal 8, tracked as SA-CORE-2019-003 and CVE-2019-6340, in the latest security update bulletin. The official site sets this vulnerability as Highly Critical, with a 21/25 security risk score. The vulnerability is actually caused by the lack of proper data sanitization in some fields when users enable Drupal Core RESTful Web Services (rest) module. In some cases, it allows arbitrary PHP code execution, remote and complete control over the server.
Date Published:2019-02-28 Read More >>
Security Event More>>
- 2019-02-28 [Alert] Drupal 8 Remote Code Execution Vulnerability
- 2018-12-22 [Alert] Remote Code Execution Vulnerability in Multiple ThinkPHP 5 Versions
- 2018-10-24 [Alert] WebLogic Java Deserialization Vulnerability (CVE-2018-3245)
- 2018-09-19 [Alert] New Remote Code Execution Vulnerability in All ECShop Products
- 2018-08-24 Struts2 Remote Code Execution Vulnerability (S2-057)
Third-Party Anti-Malware Software
Check if your network is infected with virus.