A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised. The Drupal Security Team has released security updates and patches to address the vulnerability. For complete information, including what steps may be necessary to protect Drupal websites, please visit the U-M Safe Computing website.
Alert: Drupal Administrators – Apply security update ASAP