The team behind the popular open-source CMS Drupal is urging admins to update their sites to ward off a nasty bug that could leave their sites “highly compromised” to attackers, according to the organization.
The effected versions (Drupal i 6, 7 and 8) of the CMS power over one million websites on the internet.
Drupal has marked the security risk as “highly critical” and warns that any visitor to the site could theoretically hack it through remote code execution due to a missing input validation.
“This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised,”
