Vulnerability category: CGI
Vulnerability severity:
Vulnerability information
Drupal is a free and open-source content management framework written in PHP and distributed under the GNU General Public License. It is also used for knowledge management and business collaboration.
Drupal contains a critical access bypass vulnerability. A site is only affected by this if the following conditions are met:
The site has the RESTful Web Services (rest) module enabled.
The site allows PATCH requests.
An attacker can get or register a user account on the site.
Affected Versions:
Drupal 8 prior to 8.2.8 and 8.3.1.
Impact
Successful exploitation allows a remote attacker to bypass security restrictions on a targeted web page.
Solution
Customers are advised to upgrade to Drupal 8.2.8, 8.3.1 or later versions to remediate this vulnerability.
Patch:
The following are links for downloading patches to fix the vulnerability: