There was a new serious Drupal vulnerability (SA-CORE-2015-002) announced recently, which has the potential to cause us a whole lot of disruption. Drupal has released updates to address multiple vulnerabilities. Exploitation of one of these vulnerabilities could allow a remote attacker to gain access to a system account, including an administrator’s.
- Drupal core 6.x versions prior to 6.36
- Drupal core 7.x versions prior to 7.38
- If you use Drupal 6.x, upgrade to Drupal core 6.36
- If you use Drupal 7.x, upgrade to Drupal core 7.38