Web Hosting • The AltaGrade Blog • • AltaGrade

Config Pages - Moderately critical - Information Disclosure - SA-CONTRIB-2023-037

Nurlan

Aug 23, 2023
Add comment

Config Pages - Moderately critical - Information Disclosure - SA-CONTRIB-2023-037

Project: Config Pages
Version: 8.x-2.8, 8.x-2.7, 8.x-2.6, 8.x-2.5,8.x-2.4, 8.x-2.3, 8.x-2.2, 8.x-2.1, 8.x-2.0
Date: 2023-August-23
Security risk: Moderately critical 12∕25
Vulnerability: Information Disclosure
Affected versions:

Description

This module enables you to build administrative pages for managing configuration objects, which may then be used elsewhere in the site.

The module doesn't sufficiently validate access when the JSONAPI module is also installed.

Nurlan

Aug 23, 2023
Add comment

ACL - Critical - Arbitrary PHP code execution - SA-CONTRIB-2023-034

Project: ACL
Date: 2023-August-23
Security risk: Critical 17∕25
Vulnerability: Arbitrary PHP code execution
Affected versions:

Description

The ACL module, short for Access Control Lists, is an API for other modules to create lists of users and give them access to nodes.

The module processes user input in a way that could be unsafe. This can lead to Remote Code Execution via Object Injection.

Nurlan

Jun 8, 2023
Add comment

Navigating Drupal 7's End of Life: Ensuring a Smooth Transition

Introduction

Nurlan

Jun 1, 2023
Add comment

AddToAny Share Buttons - Moderately critical - Cross Site Scripting - SA-CONTRIB-2023-019

Project: AddToAny Share Buttons
Date: 2023-May-31
Security risk: Moderately critical 13∕25
Vulnerability: Cross Site Scripting

Description

This module provides social media share & follow buttons.

The module doesn't sufficiently restrict AddToAny block settings to users who have permission to administer AddToAny. This allows users with lower permission to configure malicious code leading to a Cross Site Scripting (XSS) vulnerability.

Nurlan

Jan 24, 2023
Add comment

Upgrading to Drupal 10: Why It's Important and How AltaGrade Can Help

As a content management system, Drupal is widely used by organizations of all sizes to create and manage websites. Drupal 10 is the latest version of the platform, and it offers a number of benefits over earlier versions. Here at AltaGrade, we are highly knowledgeable Drupal specialists and we can help you upgrade your website to Drupal 10.

Nurlan

Nov 27, 2020
Add comment

Do you have a Drupal website? Consider switching to AltaGrade!

Overview

Leverage the power of Drupal on AltaGrade hosting platform using tools which let you build, scale and deliver Drupal websites and applications offloading the management and maintenance of all platform-related issues to AltaGrade!

Nurlan

Sep 18, 2020
Add comment

Drupal 9 hosting. What it takes to harness the latest Drupal?

AltaGrade has been proudly providing professional hosting services for Drupal 9 websites since the day of its initial release. With the growing number of customers interested in our new hosting environment specifically built for Drupal 9, we'd like to provide some technical data on how exactly we've addressed the challenges to meet system requirements of Drupal 9.