Security Updates Released For Drupal Modules

The Drupal community has released security updates for several modules reported Drupal CMS developers today. The modules aren’t part of the Drupal core but all of them are available for download on Drupal.org web site.

Developers reported that module named “Brilliant Gallery” is vulnerable to an SQL injection attack, that┬ácan allow access to the administrator account. Drupal developers recommended to module users┬áto disable the extension because at this time there is no patch available for the package. Drupal.org website has already removed the extension from the download section.

Another module that suffers from vulnerability to SQL injection attacks and is open to cross site scripting attacks is “Ajax Checklist”. Updates for this one are available.

A critical vulnerability was found in the “Plugin Manager” module. It allows any user to uninstall and remove modules from a Drupal system in insecure configurations. An update is available.

“SimpleNews” and “Stock” modules are anothr ones that have less critical cross site scripting issues, but updates are available for both.

About the Author

Dimitar A.
Dimitar is founder of the global Cloud & Infrastructure Hosting provider HostColor.com & European Cloud IaaS company RAX. He has two Decades-long experience in the web hosting industry and in building and managing Cloud computing infrastructure and IT ecosystems. Dimitar is also political scientist who has published books "The New American State" and "The New Polity". "The New American State" is one of the best current political books. It is focused on the change of the American political process. It offers a perspective on how the fourth industrial revolution, also called the Digital Revolution and Industry 4.0, marks the beginning of an era of deterritorialization.