'Millions of sites that run the Drupal content management system run
the risk of being hijacked until they're patched against a
vulnerability that allows hackers to remotely execute malicious code,
managers of the open source project warned Wednesday.
CVE-2019-6340, as the flaw is tracked, stems from a failure to
sufficiently validate user input, managers said in an advisory.
Hackers who exploited the vulnerability could, in some cases, run code
of their choice on vulnerable websites. The flaw is rated highly
"Some field types do not properly sanitize data from non-form
sources," the advisory stated. "This can lead to arbitrary PHP code
execution in some cases."'
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174