• Advisory ID: SA-2008-031
• Project: Pblog (third-party module)
• Versions: none
• Date: 2008-June-11
• Security risk: Not critical
• Exploitable from: Remote
• Subject: Incorrect vulnerability report

Description

Several 'security'-related sources claim, with SecurityFocus as source (http://www.securityfocus.com/bid/29495/info), that the third-party Drupal module Pblog is vulnerable to SQL injection attacks. The Drupal security team has investigated the matter and concluded that these sources confuse the Drupal module Pblog with the blogging platform Life Type (http://lifetype.net/, formerly plog).

The Life Type team assured us that the 3-year-old vulnerable version of plog 1.0.x has been surpassed by later versions which do not contain this vulnerability.

While we have not received any response from SecurityFocus, we hope corrections to their announcement will be made shortly.

Contact

The security contact for Drupal can be reached at security at drupal.org or via the form at http://drupal.org/contact.