Critical vulnerability in the core of Drupal versions ? 7 and 8
A week ago, Drupal Security Team announced a serious fix on March 2? which closes the critical bug in security, which is relevant for all versions of Drupal 6.x, 7.x and 8.x. The bug allows an attacker to gain access to the hosting server with the rights of the web server. A known public exploit that exploits this vulnerability is not yet available, but it is likely to appear in the very near future, therefore it is strongly recommended that all the happy website owners on Drupal or those who support it maintain the update as soon as possible.
. information sheet Drupal Security Team .
Owners of sites on the currently unsupported version of the 6th version were less fortunate, there is no ready build for them, but there is a patch in the project Drupal 6 Long Term Support , you can download it here: www.drupal.org/project/d6lts/issues/2955130
It may be interesting