Three vulnerabilities were patched Wednesday in the Drupal content management system’s core engine, two of which were rated critical.

Developers with the open source content management framework Drupal today patched a series of highly critical remote code execution bugs in three separate modules. If exploited, the bugs could let an attacker take over any site running the modules. Fixes for pushed for RESTful Web Services, a module used for creating REST APIs, Coder, a module...

Developers at Drupal addressed 10 vulnerabilities in the content management system this week, including a critical access bypass issue that could have let users access certain elements thought to be blocked, and another issue that could lead to remote code execution. Through the critical access bypass vulnerability, the lone fix marked critical, a user could’ve submitted their own...

A number of issues exist in the content management system Drupal that could lead to code execution and the theft of database credentials via a man-in-the-middle attack, a researcher warns. The vulnerabilities lie in the way Drupal processes updates, according to Fernando Arnaboldi, senior security consultant with IOActive. Arnaboldi wrote a blog entry describing three...