Some versions of the popular content management system Drupal have a “highly critical” flaw that can be exploited. The vulnerability, designated CVE-2019-6340, exists because “some field types do not properly sanitize data from non-form sources” Drupal on Wednesday released “critical releases” that update Drupal 8.6.x to 8.5.10, and Drupal 85.11.x or earlier users to. Drupal 8 Web Services are at risk if they meet one of the following conditions: The site has the Drupal 8 core RESTful Web Services.”]
Source: https://www.cuinfosecurity.com/hackers-target-fresh-drupal-cms-flaw-to-infiltrate-sites-a-12045