Drupal core installation can serve as a simple Web site, a single- or multi-user blog, an Internet forum, or a community Web site providing for user-generated content. The risk calculator shown that it is highly critical according NIST Common Misuse Scoring System (NISTIR 7864). Two critical factors told us the following:
- All data can be modified or deleted
- All non-public data is accessible
It is indeed nightmare! Drupal user must do the patching immediately. Otherwise there is a new round of data leakage incident will be happened soon!
Official announcement: Drupal core – Highly critical – Remote Code Execution