Vulnerability in the Drupal content management system
Secure ISS has become aware of a critical vulnerability in the Drupal content management system. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised. Drupal assesses this vulnerability as critical. If you are using a version of Drupal prior to 7.58 or 8.51, Secure ISS recommends that you upgrade immediately as per Drupal’s advice.
Further information can be found at Drupal Security Advisories: Remote Code Execution – SA-CORE-2018-002.