[Plesk] SA-CORE-2014-005 - Drupal core - SQL injection

Created:

2016-11-16 12:46:38 UTC

Modified:

2017-04-24 11:20:17 UTC

0

Was this article helpful?


Have more questions?

Submit a request

[Plesk] SA-CORE-2014-005 - Drupal core - SQL injection

Applicable to:

  • Plesk

Information

Automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement of SA-CORE-2014-005 - Drupal core - SQL injection.

You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is 7 hours after the announcement.

Simply updating to Drupal 7.32 will not remove backdoors.

Resolution

NOTE: It is strongly advised to change all the passwords for the application instance.

If you have backup created before Oct 15th, 11pm UTC:

  1. Go to Websites & Domains > Backup Manager and restore virtual host content and database.

  2. Update Drupal installation to version 7.32:

    a. If Drupal is installed as an Plesk application, go to Subscriptions > Applications > Manage My Applications and click on "Update avaliable" button, see screenshot:

    Note: New version availability is being checked by daily Maintenance Script in Plesk. If you still does not see "Update avaliable" button please check that Daily Maintenance script works fine.

    b. If Drupal is installed not through Plesk application vault, but manually, follow Drupal upgrade guide .

    Note: If you are unable to update to Drupal 7.32 you can apply this patch to Drupal's database.inc file to fix the vulnerability until such time as you are able to completely upgrade to Drupal 7.32.

If you have no backup:

Follow the steps that are described in the "Recovery" section of the following Drupal site .

Have more questions? Submit a request
Please sign in to leave a comment.