Drupal 6 sql 注入
Drupal 6 sql injection
Drupal 6.x 是否容易受到 SQL 注入攻击 AKA Drupalgeddon?
如果是,什么是易受攻击的表单、目录或其他内容?
是的。它收到了补丁(长期支持)。
The vulnerability has been patched with the release of Drupal 7.58,
8.5.1, 8.3.9 and 8.4.6. While Drupal 6 has reached end of life and it’s not supported since February 2016, a fix has still been developed
due to the severity of the flaw and the high risk of exploitation.
https://www.securityweek.com/drupalgeddon-critical-flaw-exposes-million-drupal-websites-attacks
这是版本 6 的补丁:https://cgit.drupalcode.org/d6lts/tree/common/core/SA-CORE-2018-002.patch or the full release: https://github.com/d6lts/drupal/releases/tag/6.44 包含 SA-CORE-2018-001,002,004
的提交
Drupal 6.x 是否容易受到 SQL 注入攻击 AKA Drupalgeddon?
如果是,什么是易受攻击的表单、目录或其他内容?
是的。它收到了补丁(长期支持)。
The vulnerability has been patched with the release of Drupal 7.58, 8.5.1, 8.3.9 and 8.4.6. While Drupal 6 has reached end of life and it’s not supported since February 2016, a fix has still been developed due to the severity of the flaw and the high risk of exploitation. https://www.securityweek.com/drupalgeddon-critical-flaw-exposes-million-drupal-websites-attacks
这是版本 6 的补丁:https://cgit.drupalcode.org/d6lts/tree/common/core/SA-CORE-2018-002.patch or the full release: https://github.com/d6lts/drupal/releases/tag/6.44 包含 SA-CORE-2018-001,002,004
的提交