The ACSC has become aware of a critical vulnerability in the Drupal content management system. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised. Drupal assesses this vulnerability as critical. If you are using a version of Drupal prior to 7.58 or 8.51, the ACSC recommends that you upgrade immediately as per Drupal's advice.
Further information can be found at Drupal Security Advisories: Remote Code Execution - SA-CORE-2018-002.