Security expert found a “highly critical” vulnerability (CVE-2019-6340) in the popular Drupal CMS that could be exploited for remote code execution.
Drupal released security updates that addresses a “highly critical” vulnerability in the popular Drupal CMS, tracked as CVE-2019-6340, that could be exploited for remote code execution.
The CVE-2019-6340 flaw is caused by the lack of proper data sanitization in some field types, an attacker could exploit the flaw to execute arbitrary PHP code.