“Assume every unpatched website running Drupal 7 was compromised”

Content management system Drupal has issued a chilling public service announcement to website admins and internet users who might visit the hundreds of thousands of sites running its software.

According to the company, “automated attacks” started to hit websites running Drupal version 7 within a matter of hours of it disclosing a highly critical SQL injection vulnerability on October 15th.

http://grahamcluley.com/2014/10/assume-unpatched-websites-running-drupal-7-compromised/