The company Sektion Eins was found a critical vulnerability, which affects all versions of Drupal 7 branch. It allows you to execute arbitrary SQL-query the database Drupal without any rights in the system. Thus, for example, it is possible with absolutely no rights on your website, create a special request, which will create a new administrator or change the current password. The danger is defined as the highest. October 15 came kernel upgrade to version 7.32, which addresses the vulnerability. Developers are strongly advised to update the kernel immediately.
At the moment, already compromised a lot of sites for this CMS and break-ins continue.