PHP Attack Puts WordPress and Drupal at Risk

Aug 11, 2014

All websites that use these popular CMS tools could be vulnerable to denial of service attacks if users don't install the updates.

The WordPress and Drupal websites are warning of a newly discovered flaw that could make these leading content management systems susceptible to a denial of service attack. The so-called XML Quadratic Blowup Attack, which was discovered by security expert Nir Goldshlager, affects the PHP XML module, which is included with both WordPress and Drupal. The attack distorts the memory limit, consuming all memory and bringing down the system.
According to the blog post, this attack can work on a default installation of Drupal or WordPress and requires only one attacking computer to trigger the exploit. The popularity of both content management systems means that this attack could affect thousands, or even millions, of websites.
Patches have already been released at both the Drupal and WordPress websites. Users are advised to update as soon as possible.
