SmartVPS - the complete multi-account hosting solution! Each individual account comes with free backups, addon domains, PHP-FPM with OPcache and server-side caching for lightning-fast sites. And all this at a great price!
75% OFF ALL NEW PLANS + 100-DAY MONEY-BACK GUARANTEE
75% OFF ALL NEW PLANS

Oct 17, 2014

Highly-critical SQL injection vulnerability for Drupal - mass-fixed on our servers

On Oct 15, 2014, Drupal developers issued a notification of a critical SQL injection vulnerability, which affected all current Drupal 7.x versions. More information on the matter can be found at https://www.drupal.org/SA-CORE-2014-005.

The existing proof of concept allowed hackers to turn the SQL injection vulnerability into a remote code execution / file upload, and there are reports of many hack attempts against Drupal sites on the Internet. To protect the Drupal sites of our customers until they update their installations, we patched over 3000 Drupal installations on our servers. The applied patch does not affect the operation of the sites, but eliminate the threat which is a result of the announced vulnerability.

Customers still must update their Drupal installations to the latest version from Drupal.org.