24 febrero, 2019 – Javier García

24 febrero, 2019

Drupal core – Highly critical – Remote Code Execution – SA-CORE-2019-003

Project: Drupal coreDate: 2019-February-20Security risk: Highly critical 21∕25 AC:None/A:None/CI:All/II:All/E:Proof/TD:UncommonVulnerability: Remote Code ExecutionCVE IDs: CVE-2019-6340Description: Some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases.A site is only affected by this if one of the following conditions is met:The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows GET, More info: https://www.drupal.org/sa-core-2019-003

24 febrero, 2019

Drupal core – Highly critical – Remote Code Execution – SA-CORE-2019-003

Project: Drupal coreDate: 2019-February-20Security risk: Highly critical 21∕25 AC:None/A:None/CI:All/II:All/E:Proof/TD:UncommonVulnerability: Remote Code ExecutionCVE IDs: CVE-2019-6340Description: Some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases.A site is only affected by this if one of the following conditions is met:The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows GET, More info: https://www.drupal.org/sa-core-2019-003

24 febrero, 2019

Drupal core – Highly critical – Remote Code Execution – SA-CORE-2019-003

Project: Drupal coreDate: 2019-February-20Security risk: Highly critical 21∕25 AC:None/A:None/CI:All/II:All/E:Proof/TD:UncommonVulnerability: Remote Code ExecutionCVE IDs: CVE-2019-6340Description: Some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases.A site is only affected by this if one of the following conditions is met:The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows GET, More info: https://www.drupal.org/sa-core-2019-003

24 febrero, 2019

Drupal core – Highly critical – Remote Code Execution – SA-CORE-2019-003

Project: Drupal coreDate: 2019-February-20Security risk: Highly critical 21∕25 AC:None/A:None/CI:All/II:All/E:Proof/TD:UncommonVulnerability: Remote Code ExecutionCVE IDs: CVE-2019-6340Description: Some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases.A site is only affected by this if one of the following conditions is met:The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows GET, More info: https://www.drupal.org/sa-core-2019-003

Translate »