Summary: The Malaysia Computer Emergency Response Team (MyCERT) has identified critical vulnerabilities in the AI Automators module of Drupal affecting versions prior to 1.0.5, posing significant cybersecurity risks such as remote code execution. Users are urged to apply the necessary updates promptly to mitigate these risks and protect their websites. The vulnerabilities stem from improper input sanitization, allowing attackers to execute arbitrary commands on affected systems.
Affected: Drupal AI Automators Module (Versions prior to 1.0.5)
Keypoints :
- Critical vulnerabilities identified allow for remote code execution and unauthorised access to sensitive data.
- Immediate upgrade to version 1.0.5 is recommended to resolve these vulnerabilities.
- Vulnerabilities are associated with insufficient sanitization of inputs within the AI Automators module.
Source: https://thecyberexpress.com/march-drupal-vulnerabilities/