Attackers exploit a vulnerability that exists in the majority of all websites that run the popular Drupal content management system. The vulnerability allows attackers to inject code into a site and seize control of it. Attackers can then use the site to target website visitors with drive-by malware attacks, as well as relay spam and launch DDoS attacks. Security experts have lauded the Drupal team for not attempting to downplay the threat. “This is an alarmingly candid, highly critical warning on Drupal security,” says software architect Troy Hunt.”]
Source: https://www.cuinfosecurity.com/attackers-exploit-drupal-vulnerability-a-7500