This module enables you to monitor and manage any number of remote Drupal sites and aggregate useful information for administrators in a central dashboard.
The modules (DRD and DRD Agent) encrypt the data which is exchanged between them but in order to do so, they use the PHP serialize/unserialize functions instead of the json_encode/json_decode combination. As the unserialize function is called on unauthenticated content, this introduces a PHP object injection vulnerability.
Install the latest version:
- David Snopek of the Drupal Security Team
- David Snopek of the Drupal Security Team
- Jürgen Haas
- David Snopek of the Drupal Security Team