PHP Attack Puts WordPress and Drupal at Risk

Aug 12, 2014

All websites that use these popular CMS tools could be vulnerable to denial of service attacks if users don't install the updates.

The WordPress and Drupal websites are warning of a newly discovered flaw that could make these leading content management systems susceptible to a denial of service attack. The so-called XML Quadratic Blowup Attack, which was discovered by security expert Nir Goldshlager, affects the PHP XML module, which is included with both WordPress and Drupal. The attack distorts the memory limit, consuming all memory and bringing down the system.
According to the blog post, this attack can work on a default installation of Drupal or WordPress and requires only one attacking computer to trigger the exploit. The popularity of both CMS systems means that this attack could affect thousands, or even millions of websites.
Patches have already been released at both the Drupal and WordPress websites. Users are advised to update as soon as possible.  

Related content

comments powered by Disqus

Issue 167/2014

Buy this issue as a PDF

Digital Issue: Price $9.99
(incl. VAT)

News