Drupal, a popular web content platform, released a notification of vulnerabilities in version 7.0 of their software earlier this month. Last week, Drupal announced that the vulnerabilities were being actively exploited and strongly recommended immediate action by Drupal administrators. The details of the vulnerability, exploit, and recovery steps are listed below.
We urge anyone running Drupal on their website to review this information and act accordingly. If you are a customer of the Acquia-hosted Drupal environment, Acquia reported that they have responded to this issue and are confident that their environment is safe.
View online: https://www.drupal.org/PSA-2014-003
* Advisory ID: DRUPAL-PSA-2014-003
* Project: Drupal core 
* Version: 7.x
* Date: 2014-October-29
* Security risk: 25/25 ( Highly Critical)