Drupal has released updates to address multiple vulnerabilities, one of which could allow an attacker with elevated permissions to inject malicious code.
Available updates include:
- Drupal core 6.37 for 6.x users
- Drupal core 7.39 for 7.x users
US-CERT encourages users and administrators to review Drupal's Security Advisory and apply the necessary updates.