Drupal: code execution and other vulnerabilities in the new version

August 01, 2022

Tags: Technologies, Tech Trends



Drupal is one of today's most versatile CMSs, and many of the web pages we visit daily are built with it. As per the definition given on its official website, “Drupal is content management software. It is used to create many of the webs and applications of daily use”.


With a flexible and modular system, Drupal CMS has managed to impress developers when they have to design a web page that is easy to use for the common user.


Drupal CMS and its new update in security and code writing


Since Drupal is one of the most widely used CMSs worldwide, it must have a reliable security protocol, so that its users can rest assured that their information and data will not be compromised.


In the most recent update of this versatile technology, security patches were announced for flaws that had been found, in addition to improvements to the writing of code, a key aspect for all Drupal developers.


Security Week magazine detailed: “Drupal has published four notices that describe four types of vulnerabilities. One of them has been qualified as 'critical' and the other three as 'moderately critical'. Drupal uses the NIST Common Abuse Scoring System to rate vulnerabilities, rather than CVSS, and flaws are graded 'less critical,' 'moderately critical,' 'critical,' and 'highly critical.'”


Drupal development companies are fully aware of these kinds of updates and how they improve the platforms they build.


The magazine's Drupal specialists went on to say: “The 'critical' vulnerability, tracked as CVE-2022-25277, affects Drupal 9.3 and 9.4. The issue affects Drupal core and can lead to the execution of arbitrary PHP code on Apache web servers when uploading specially crafted files. The Drupal developers noted that only Apache web servers are affected and only with specific configurations. They have advised website administrators to check their server for possible signs of compromise.”




Advantages that Drupal has as a CMS compared to WordPress


Drupal is one of the CMSs most used by companies and developers to build their web pages, but it has strong competition: WordPress. The CMS par excellence of bloggers and news portals has established itself strongly in the world of the internet. That is why Drupal vs WordPress is a recurring debate.


Drupal and WordPress have marked differences and here we will review the most important ones, leaving it up to the developer which one to use for their project:


  • Drupal CMS is free, while WordPress can cost up to $15 per month.
  • For SEO, Drupal has PathAuto, an add-on, while WordPress has tools like Mailchimp and Google Analytics built into its system.
  • In customer service, Drupal is limited to communication through forums and documentation, while WordPress has customer service every day and at all times.
  • For e-commerce, Drupal users can build a page for this purpose through Drupal Commerce. In WordPress, payments can be received through all plans, and WooCommerce integration is limited to the WordPress Pro plan.


So, Drupal or WordPress: which one to choose? These are the main differences between the two CMSs, leaving it up to developers which one best suits their needs. At Rootstack, we have experts in both technologies who can take on any project that comes their way.

