Drupal-based sites open to attack via double extension files (CVE-2020-13671)

Read the original article: Drupal-based sites open to attack via double extension files (CVE-2020-13671)


Admins of sites running on Drupal are urged to plug a critical security hole (CVE-2020-13671) that may be exploited by attackers to take over vulnerable sites. They have also been urged to check that the vulnerability hasn’t already been covertly leveraged by attackers.

About the vulnerability (CVE-2020-13671)

CVE-2020-13671 exists because Drupal core (the standard release of Drupal) does not properly sanitize certain filenames on uploaded files. A malicious file with a double extension (e.g., php.txt) …

The post Drupal-based sites open to attack via double extension files (CVE-2020-13671) appeared first on Help Net Security.

