Drupal releases patch for 'highly critical' remote code execution flaw that puts millions of sites at risk

Sites based on the CMS Drupal are at risk from a remote code execution flaw which has been classed as "highly critical". Site owners are being urged to install updates to ensure they are protected. The security flaw -- CVE-2019-6340 or SA-CORE-2019-003 -- affects Drupal 8.5.x and 8.6.x but there are certain conditions that must be met in order for a site to be vulnerable. See also: Security researchers reveal details of serious bug in compression tool WinRAR Security researcher 'concerned' to find Twitter is not deleting your deleted direct messages User data exposed in 500px security breach... that happened… [Continue Reading]