Drupal has released a security updates to address a vulnerability in Drupal Core. A remote attacker could exploit this vulnerability to take control of an affected website.
Affected versions: Drupal 7, Drupal 8.6 and earlier, and Drupal 8.7.
CERT Bulgaria recommends users and administrators to review Drupal's security advisory SA-CORE-2019-007 and apply the necessary updates.
Versions of Drupal 8 prior to 8.6.x are end-of-life and do not receive security coverage.