In today's article we wanted to talk about the serious vulnerabilities that have hit this year the different Drupal versions.
They will undoubtedly be pulling their hair to correct the large handful of gaps they have suffered. To us, pensonally, we have already had a case, the problem in these cases is always an outdated CMS, either by the version of the PHP on which it works or by Drupal itself.
I have always said that a CMS brings great advantages, a lot of community and plugins and a very fast development and maintenance. But when something is used by many people ... on security issues it is always a problem. During these months, countless exploits have been seen to violate all affected versions of Drupal, to which they add scripts to inject advertising on the affected pages and / or undermine cryptocurrencies both at the client and server level.
To raise awareness of how simple and fast an outdated drupal can be violated, we have recorded the following video, I repeat, for didactic purposes:
The solution is always a good maintenance, which begins by updating to the latest version. We had a particular case, in which the company in question had reprogrammed part of the drupal core, preventing this update, even though on the official Drupal security notices page, they always explain how the vulnerability occurs and how it has been resolved, allowing To an administrator or programmer correct the problem manually.
What do you think about security in CMS? Has anyone been affected by these vulnerabilities?