Drupal has released security update to address vulnerability in Drupal 7.x prior to ver. 7.60 and Drupal 8.x prior to ver. 8.5.8 and 8.6.2. Exploitation of these vulnerabilities may allow an attacker to take control of affected system.
Users and administrators are encouraged to review Drupal Security Advisory and apply necessary updates.