Late last year, CSO Online reported on a vulnerability in Drupal that could have left thousands of websites compromised. Last week, researchers examined the attack in more detail, measuring the time it would take to compromise a website completely.

On October 15, 2014, Drupal urged users to apply an update that fixed an SQL Injection vulnerability. Unfortunately, unless the patch was applied within a seven hour window, Drupal warned administrators that they should just assume installations in the Drupal 7.x branch before version 7.32 were already compromised.

The link for this article located at CSO Online is no longer available.