MySlackerBox |
Upgrade ke drupal 6.16Situs ini telah diupgrade ke drupal 6.16. Info lengkap masalah security versi drupal sebelumnya dapat dibaca di sini : Sekedar copy paste :) Description Multiple vulnerabilities and weaknesses were discovered in Drupal. A user-supplied value is directly output during installation allowing a malicious user to craft a URL and perform a cross-site scripting attack. The exploit can only be conducted on sites not yet installed. This issue affects Drupal 6.x only. The API function drupal_goto() is susceptible to a phishing attack. An attacker could formulate a redirect in a way that gets the Drupal site to send the user to an arbitrarily provided URL. No user submitted data will be sent to that URL. This issue affects Drupal 5.x and 6.x. Locale module and dependent contributed modules do not sanitize the display of language codes, native and English language names properly. While these usually come from a preselected list, arbitrary administrator input is allowed. This vulnerability is mitigated by the fact that the attacker must have a role with the 'administer languages' permission. This issue affects Drupal 5.x and 6.x.
|