Drupal Core Access Bypass and Arbitrary PHP Code Execution Vulnerabilities
Drupal 6.x versions prior to 6.27
Drupal 7.x versions prior to 7.18
Drupal Core Multiple vulnerabilities
An attacker can exploit these issues to execute arbitrary PHP code within the context of the web server, bypass certain security restrictions, and perform unauthorized actions; this may aid in launching further attacks.
Drupal is prone to an arbitrary PHP code-execution and multiple access-bypass vulnerabilities.
Install the latest version: