The Drupal CMS team has released a security update to address a critical severity access bypass vulnerability in the CMS’ core component that could allow attackers to take control of impacted sites. Only a limited set of websites running on the Drupal CMS are affected according to the security advisory given that the security issue only affects the Drupal 8.7.4 version. The fix will ONLY be applied for affected websites where update.php is running this is a required manual step when upgrading to. Drupal is used by 1.8% of all websites with content management systems tracked by W3Tech.
Source: https://www.bleepingcomputer.com/news/security/drupal-patches-critical-bug-that-lets-hackers-take-over-sites/

