Open source content management system (CMS) Drupal says its version 7 has a SQL injection vulnerability. The security team is issuing a security release upgrade, as well as a patch to fix the problem, it said in a blog post.
A SQL injection would allow an anonymous visitor to access protected resources and databases by issuing commands. The organization is urging all users to update their CMS immediately. Those who are unable to do a full update should implement the patch, it says. Drupal supports over 1 million websites.
SQL injection vulnerabilities are incredibly common. As the blog notes, OWASP lists A-1 injections, like SQL, as the number-one flaw in its 2013 Top Ten vulnerabilities.
The announcement comes amid Google's disclosure about a SSL vulnerability it's calling POODLE, which affects web browsers and sites that support SSL 3.0 rather than its successor TLS. Both SSL and TLS are Web protocols that secure Web communications.
As more hacks and flaws emerge, security on the Web faces increasing scrutiny from consumers and businesses. But it's important to note that both Google and Drupal put out fixes ahead of a potential attack, rather than in response to it, showing attentiveness to the current cybersecurity climate.