Drupal has patched a highly critical vulnerability that could allow hackers to compromise websites using the popular open source content management system through SQL injection attacks. The flaw, which affects sites using PostgreSQL databases, can be exploited without authentication to steal information and potentially achieve remote code execution. This is Drupal's first highly critical security issue in years, and patches are now available for versions 11 and 10 of the CMS that powers hundreds of thousands of websites worldwide.