Highly Critical Drupal RCE Flaw Affects Millions of Websites

[maruf.swe]

Admins should update immediately to fix a remote code-execution vulnerability.

The Drupal open-source content management system platform has issued an advisory for a highly critical remote-code execution (RCE) flaw in the Drupal core.

The vulnerability (CVE-2019-6340) arises from the fact that “some field types do not properly sanitize data from non-form sources,” according to Drupal’s Wednesday advisory, which was published a day after it warned admins that a major security update was coming.

For More Details : https://threatpost.com/critical-drupal-rce-flaw/142091/