Drupal: Critical SQL injection flaw now targeted in attacks

Drupal is warning that hackers are attempting to exploit a "highly critical" SQL injection vulnerability announced earlier ...
Tech Times

Ghost CMS SQL Injection Hits 700 Sites: Harvard, DuckDuckGo Serve Fake Cloudflare Malware

Ghost CMS SQL injection campaign has compromised 700+ websites — including Harvard University, Oxford University, and DuckDuckGo — using a CVSS 9.4 flaw to inject ClickFix malware lures that trick ...
CSO Online

Drupal admins rushing to patch maximum severity SQL injection vulnerability

In its warning, Drupal said a vulnerability in this API allows an attacker to send specially crafted requests resulting in ...
Arabian Post

Drupal flaw draws urgent patch race

US cyber authorities have added a critical Drupal Core SQL injection flaw to their exploited-vulnerabilities list after attacks began targeting unpatched websites using PostgreSQL databases, ...
Hackaday

SQL Injection Fools Speed Traps And Clears Your Record

Typical speed camera traps have built-in OCR software that is used to recognize license plates. A clever hacker decided to see if he could defeat the system by using SQL Injection… The basic premise ...
Dark Reading

Transforming SQL Queries Bypasses WAF Security

BLACK HAT ASIA 2022 — A team of university researchers used basic machine learning to identify patterns that common Web application firewalls (WAFs) fail to detect as malicious, but which can still ...
CSOonline

Google’s web crawler linked to SQL Injection attempts

In a recent blog post, Daniel Cid, CTO of Securi, a company that provides website security monitoring and related services, published details of a recent SQL Injection (SQLi) attempt. That in itself ...