Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Security risk of $update_access_free = true in Drupal

Tags:

security

drupal

What kind of potential security risk it raises if I left $update_access_free = TRUE in Drupal on a production environment? In that case, everyone can run update.php. Assuming there are no updates available, what can an attacker do?

like image 609
viam0Zah Avatar asked Feb 27 '23 01:02

viam0Zah

1 Answers

If left enabled, an attacker could run old updates, which in a good scenario would only bog down your site's performance, but in a worst-case scenario could result in data loss or data corruption.

like image 88
jhedstrom Avatar answered Mar 13 '23 02:03

jhedstrom
Sign in to Comment

Related questions

How can I prevent bulk vulnerability scanning without using a CAPTCHA component?
Should I pass sensitive data to a Process.Start call in .NET?
JSON Data - Parsed Or 'Eval'ed
I know I'm doing validation wrong. Please persuade me to stop :)
Access Control List Best Practices - ACL - Setting Negative Roles for Users who Attack a Site
How should I incorporate the salt in my password hash?
How do I protect a public ASMX page that posts important data to my database
Multiple AntiForgeryTokens on a View with a MasterPage
safest place to store php values for msql_connect?
faking a filesystem / virtual filesystem
What are the weaknesses of this user authentication method?
How to prevent arbitrary code execution vulnerability in our programs?
How to verify a digital signature with openssl
Can this be improved? Scrubbing of dangerous html tags
Does using web services to expose a .NET DAL add security?
.net Encrypting Database Tables
How to launch a process on Linux with highly restricted privileges?
Is there any way to verify that client side code that is used is the one given by the server?
Iframe – let the user pick the src - any security issues?
Is it possible to use TrueCrypt through another application? (C#)

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!