US agencies ordered to patch Drupal SQL vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has mandated all federal agencies to patch a critical SQL injection vulnerability in Drupal, a widely-used content management system. The vulnerability is currently being actively exploited by threat actors in the wild. Agencies have been given a strict deadline of Wednesday evening to secure their systems. SQL injection flaws allow attackers to manipulate database queries, potentially leading to unauthorized data access, modification, or deletion. This vulnerability poses significant risk to government infrastructure and sensitive data. Organizations worldwide using Drupal should also prioritize applying security patches immediately. Source: CISA.