Drupal has released a security advisory on April 12, 2023, regarding a vulnerability found in the Protected Pages module for Drupal 8/9/10.
The affected versions are the ones prior to Protected Pages 8.x-1.6. The vulnerability could allow an attacker to access sensitive information or execute arbitrary code on the website.
Drupal advises users and administrators to review the provided web link and apply the necessary updates to mitigate the risk of exploitation. The Cyber Centre also recommends that affected users take immediate action to secure their systems.
The Protected Pages module allows site builders to protect certain pages with a password, and the vulnerability could potentially bypass this protection.
Drupal has released a patch for the vulnerability, which users can download and apply to their websites.
