Vulnerability that affects all versions of Drupal from 6 to 8 allows an unauthenticated, remote attacker to execute malicious code on default or common Drupal installations. The vulnerability also affects Drupal 6, which is no longer supported by the company since February 2016, but a patch for the version has been created. Security researchers at Check Point and Dofinity published complete technical details about this vulnerability (CVE-2018-7600), using which, a Russian security researcher published a proof-of-concept (PoC) exploit code for Drupalgeddon2.
Source: https://thehackernews.com/2018/04/drupal-rce-exploit-code.html