Drupal has released updates to address multiple vulnerabilities. Exploitation of one of these vulnerabilities could allow a remote attacker to gain access to a system account, including an administrator’s.
Available updates include:
• Drupal core 6.36 for 6.x users
• Drupal core 7.38 for 7.x users
US-CERT encourages users and administrators to review Drupal’s Security Advisory and apply the necessary updates.