October 15, 2014
"Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. This vulnerability can be exploited by anonymous users." 
This is a critical vulnerability that can be exploited remotely without authentication. Upgrade your Drupal 7 instances immediately.
Depending on the content of the requests, successful attacks can lead to privilege escalation, arbitrary PHP execution, and more.
- Drupal core 7.x versions prior to 7.32
- Hosted Drupal instances at providers such as Pantheon and Acquia
- Upgrade to Drupal 7.32 immediately.
- If you cannot upgrade to Drupal 7.32 right away, you may apply a temporary patch to address this vulnerability: