One of the more problematic elements of building any application is managing end user identities. Writing the code to manage who gets to access any given application not only is time consuming; it doesn’t usually add much in the way of unique value to the application.
Last week, a remote code execution vulnerability was discovered in Drupal's core code. After uncovering and starting its mitigation efforts, Drupal reported mass exploits in the wild. The company published fixes in the most recent versions and suggests that developers upgrade to the latest version.