Security23.05.2016

Drupal websites hacked using SQL injection flaw

By Staff Writer

Hackers have attacked hundreds of Drupal websites, installing ransomware that hijacks the website’s main page.

Softpedia reported that the attackers exploited a two-year-old vulnerability in Drupal for the SQL injection attacks.

Drupal website owners said their websites were locked, with the message:

“Website is locked. Please transfer 1.4 BitCoin to address 3M6SQh8Q6d2j1B4JRCe2ESRLHT4vTDbSM9 to unlock content.”

“The attacker’s scanning bot extracts the Drupal site’s version, then uses the CVE-2014-3704 vulnerability to break into the affected websites and change the admin user’s password,” reported Softpedia.

CVE-2014-3704 is an SQL injection vulnerability that affects Drupal 7.x installations prior to version 7.32.

More on security

Massive South African credit card leak

Criminals infect ATMs with malware to steal your card data

Over 100 million LinkedIn accounts compromised

Don't miss the latest news

Show comments

Forum discussion

Drupal websites hacked using SQL injection flaw

More on security

Latest news

Eskom is getting replaced

Criminals in South Africa’s richest province are getting arrested thanks to a security camera network

Big step for the South African Post Office

The Premium HONOR 600 Series is now available across all channels nationwide

Important information for people subscribing to Amazon Prime in South Africa

South African tech stock that went from R110 to the bargain bin

How Codehesion’s AI-enabled innovation pods build your software faster and better

Ray of light at struggling South African fashion giant

What’s Next — Pinnacle’s Jacques Liebenberg on Hikvision’s smart security solutions in South Africa

More news

Government bought tablets for R53 million and most are gathering dust in a warehouse

R1,800 per month saved driving an electric car in South Africa with petrol prices at R28.06 per litre

Amazon’s strategy to get South Africans hooked for R59 per month

How to reach an influential South African audience and grow your business

South African retail giant investing part of R1.1 billion into tech upgrades and e-commerce

Mr Price’s cellular business makes R150 million profit

MLT Power and Tesla Energy: A 40-Year Legacy Meets the Future of Energy

Post Office could have paid the salaries of 27 full-time CEOs with the money it spent on business rescue practitioners

DStv stops cheaper Internet plans

Trending news

US company’s South African data centre expansion under fire

People are breaking public CCTV cameras in South Africa with one region hit badly

Toyota recalls 6,525 cars in South Africa

Why South African CIOs are simplifying communications with Microsoft Teams Calling

South Africa’s only successful smartphone brand has a new range of devices

Vodacom spends R4 million on high-tech LAN and learning equipment for special needs school

Synology showcases the next generation DiskStation Manager and a full lineup of data management solutions at COMPUTEX 2026

Eskom will take over electricity billing and maintenance in three municipalities

Top professor speaks to Pope Leo about South African technology in exclusive meeting

Industry News

Foam mattresses explained – What you’re actually buying (and why it matters)

MTN Zambia and Huawei Jointly Complete the World’s First Commercial Use of the New Five-Band LampSite Solution

Mustek supports South African resellers with world-class HUAWEI solutions

Windows 10 Is Now a Business Risk — Why Upgrading to Windows 11 Pro Can’t Wait

ZTE releases Sustainability Report 2025 – Driving a new chapter in sustainable development through AI

Poll