Drupal is a free and open-source content management system (CMS) and content management framework (CMF) written in PHP and distributed under the GNU General Public License. It is used as a back-end system for at least 2.1% of all websites worldwide, ranging from personal blogs to corporate, political, and government sites, including whitehouse.gov and data.gov.uk. It is also used for knowledge management and business collaboration.
Since Drupal is so common across the web, Zion Security (a Checkmarx partner) decided to assess how vulnerable it really is.
In a unique and very interesting post, Mr. Erwin Geirnaert of Zion Security outlines the findings of their research into the security level of Drupal.
Below you can find a snapshot of the security vulnerabilities Checkmarx’s source code analysis scanner was able to identify.
For the full report, please click here