Submitted by securityadmin on
This bug affects the update mechanism in Drupal. Via cross-site
scripting, a malicious user may be able to cause the superuser to
execute old updates that may damage the database.
Upgrading to 5.13 or 6.7 will mitigate the bug. Alternatively, a patch
is available that fixes this bug, although it does not include the
other, non-security fixes in those releases.
When upgrading, special care should be taken with the .htaccess and
robots.txt files, as they may be altered. settings.php should not need
to change.