The vulnerability, which became public on Oct. 15, is a SQL injection flaw in a Drupal module that’s designed specifically to help prevent SQL injection attacks.

via ‘Every Drupal 7 Site Was Compromised’ Unless Patched By Oct. 15 | Threatpost | The first stop for security news.