Stefan Horst of SektionEins discovered a critical SQL injection vulnerability in Drupal 7. All users on versions prior to 7.32 are encouraged to update as soon as possible.
As everything needs a name this one has the grand/ridiculous title of “Drupalgeddon”.
It appears that the impact/s could be quite severe – a worst case scenario is it could lead to a complete authentication bypass, or full control of and access to database contents over the internet. This is quite a big deal. There are two proposed metasploit modules for it available now.
The Drupal advisory is here.
The SektionEins advisory and technical discussion is here
