The Drupal project is urging website admins to install updates immediately after disclosing a highly-critical remote code execution bug affecting the Drupal core CMS.
The bug was considered serious enough for Drupal’s security team to warn admins a day in advance of Wednesday’s patch release to reserve time to address the bug.
Drupal is the third most popular CMS for website publishing, accounting for about three percent of the world’s billion-plus websites. Hackers could use the flaw, tracked as CVE-2019-6340, to hijack a Drupal site and potentially take control of a web server.