Drupal Core Access Bypass and Arbitrary PHP Code Execution Vulnerabilities
Drupal is prone to an arbitrary PHP code-execution and multiple access-bypass vulnerabilities.
An attacker can exploit these issues to execute arbitrary PHP code within the context of the web server, bypass certain security restrictions, and perform unauthorized actions; this may aid in launching further attacks.
The following versions are vulnerable:
Drupal 6.x versions prior to 6.27
Drupal 7.x versions prior to 7.18