The Drupal open-source content management system platform has issued an advisory for a highly critical remote-code execution (RCE) flaw in the Drupal core. The vulnerability (CVE-2019-6340) arises from the fact that some field types do not properly sanitize data from non-form sources, according to the advisory. Drupal provides a back-end framework for at least 4.6 percent of all websites worldwide. It s the third-most popular web platform in the world after WordPress and Joomla.
Source: https://threatpost.com/critical-drupal-rce-flaw/142091/