Due to the critical vulnerability (CVE-2014-3704) that allows an attacker to gain access to the administrator account, developers are advised to roll back to a backup or recreate the site from scratch.
According to the developers of the popular CMS (content management system) Drupal, all web-sites based on Drupal 7.x can be compromised. The problem is related to a critical vulnerability that could allow an unauthorized user to execute arbitrary SQL-queries to the database resource and uncover the administrator password.
According to the developers, attacks using this breach began immediately after after the announcement October 15 this year. Even those web-sites, which administrators have enough time to apply the update may still be compromised. (more…)