PHP Attack Puts WordPress and Drupal at Risk

Aug 11, 2014

All websites that use these popular CMS tools could be vulnerable to denial of service attacks if users don't install the updates.

The WordPress and Drupal websites are warning of a newly discovered flaw that could make these leading content management systems susceptible to a denial of service attack. The so-called XML Quadratic Blowup Attack, which was discovered by security expert Nir Goldshlager, affects the PHP XML module, which is included with both WordPress and Drupal. The attack distorts the memory limit, consuming all memory and bringing down the system.
According to the blog post, this attack can work on a default installation of Drupal or WordPress and requires only one attacking computer to trigger the exploit. The popularity of both content management systems means that this attack could affect thousands, or even millions, of websites.
Patches have already been released at both the Drupal and WordPress websites. Users are advised to update as soon as possible.
