Why you should update your Drupal site to Drupal 7.32

Heard about the security update but still wondering whether it’s important to upgrade? Read this.

The security update was released to address a SQL injection vulnerability in Drupal 7.31, published as SA-CORE-2014-005 (Drupal core, SQL injection) and nicknamed Drupageddon. It is being talked about as the biggest security upgrade ever. Within a short span after the announcement, many Drupal sites are said to have been attacked and compromised. Be aware that the longer you wait, the greater the chance that your data is compromised by someone with malicious intentions.

Which versions are vulnerable?

The Drupal Security team has stated that Drupal 6 sites are not vulnerable; however, sites using DBTNG might be vulnerable. Also, if your Drupal 6 site is hosted on the same server as a Drupal 7 site, you are at risk. Drupal 8.0 core (prior to 8.0.0 beta2) is also at risk.
Be aware that the attack leaves no traces, so run the upgrade immediately.

How does the attack happen?

According to the Security team, the vulnerability enables an attacker to send specially crafted requests that result in arbitrary SQL execution. Depending on the content of the requests, this can lead to privilege escalation, arbitrary PHP execution and other attacks.

The attackers may also create access points/backdoors to gain entry into your database, directories and other locations and compromise your server. Don’t assume that a security patch or just removing the access points will suffice.

Update your site to the latest Drupal 7.32 version and always make sure to follow the Drupal Security advisories to stay secure. Don’t panic: conduct a thorough audit immediately, reset all your passwords, or simply contact your provider.
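
To confirm whether a Drupal 7 codebase already carries the fix, the following check is an added example, not code from the original article or from the Drupal project. It assumes the Drupal 7 core layout (`includes/bootstrap.inc` defining `VERSION`, and `includes/database/database.inc`) and that the 7.32 fix is the `array_values($data)` change in the placeholder loop; the sample trees it builds are constructed.

```python
import re
import tempfile
from pathlib import Path

VERSION_RE = re.compile(r"define\(\s*'VERSION'\s*,\s*'(7)\.(\d+)(-[\w.]+)?'\s*\)")
# Assumed from Drupal 7 core, not from this page: the 7.32 fix changes the
# placeholder loop in database.inc to iterate over array_values($data).
PATCH_RE = re.compile(r"foreach\s*\(\s*array_values\(\s*\$data\s*\)\s+as\s+\$i\s*=>")
FIXED_MINOR = 32  # Drupal 7.32, the release this page tells you to install


def read(path):
    """Return the file's text, or an empty string if it does not exist."""
    return path.read_text(errors="replace") if path.is_file() else ""


def assess(root):
    """Classify a docroot: not-drupal7, fixed-release, patched or vulnerable."""
    root = Path(root)
    m = VERSION_RE.search(read(root / "includes" / "bootstrap.inc"))
    if not m:
        return "not-drupal7"
    minor, suffix = int(m.group(2)), m.group(3)
    # A tagged 7.32+ release ships the fix. A "7.32-dev" checkout may predate
    # it, and 7.31 may have been hand-patched, so those get a source check.
    if minor > FIXED_MINOR or (minor == FIXED_MINOR and suffix is None):
        return "fixed-release"
    db_inc = read(root / "includes" / "database" / "database.inc")
    return "patched" if PATCH_RE.search(db_inc) else "vulnerable"


def make_sample(tmp, version, patched):
    """Build a constructed, minimal docroot holding only the two files read above."""
    root = Path(tmp) / f"site-{version}-{patched}"
    (root / "includes" / "database").mkdir(parents=True)
    (root / "includes" / "bootstrap.inc").write_text(
        f"<?php\ndefine('VERSION', '{version}');\n")
    loop = "array_values($data)" if patched else "$data"
    (root / "includes" / "database" / "database.inc").write_text(
        f"<?php\n      foreach ({loop} as $i => $value) {{\n      }}\n")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        cases = [("7.31", False), ("7.31", True), ("7.32-dev", False), ("7.32", True)]
        for version, patched in cases:
            print(version, patched, assess(make_sample(tmp, version, patched)))
```

A `patched` or `fixed-release` result only describes the code on disk; it does not show whether the site was compromised before the fix went in, so the audit and password reset described above still apply.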