Drupal Core – Highly Critical – Public Service announcement – PSA-2014-003
- Advisory ID: DRUPAL-PSA-2014-003
- Project: Drupal core
- Version: 7.x
- Date: 2014-October-29
- Security risk: 25/25 (Highly Critical) AC:None/A:None/CI:All/II:All/E:Exploit/TD:All
Description
This Public Service Announcement is a follow up to SA-CORE-2014-005 – Drupal core – SQL injection. This is not an announcement of a new vulnerability in Drupal.
Automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement of SA-CORE-2014-005 – Drupal core – SQL injection. You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is 7 hours after the announcement.
[av_button_big label=’Read the full announcement here’ description_pos=’below’ link=’manually,https://www.drupal.org/PSA-2014-003′ link_target=’_blank’ icon_select=’yes-left-icon’ icon=’ue83f’ font=’entypo-fontello’ custom_font=’#FFFF00′ color=’red’ custom_bg=’#000000′ color_hover=’theme-color-subtle’ custom_bg_hover=’#000000′ av_uid=’av-2nq77s’][/av_button_big]