Drupal Warns of Active Exploitation of Critical SQL Injection Flaw

Drupal has issued a warning that attackers are actively exploiting a "highly critical" SQL injection vulnerability disclosed earlier in the week. The flaw affects Drupal-based websites, allowing unauthenticated threat actors to execute malicious SQL queries. While the article does not specify the exact CVE identifier, it confirms exploitation attempts are underway. The vulnerability poses a severe risk, potentially enabling data breaches or unauthorized system access. Drupal has not provided a precise date for the initial disclosure but indicates the issue was recently announced. No specific attack vectors or targeted sectors were detailed in the report.