Highly critical remote code execution vulnerabilities have been announced by the Drupal security team for the third-party modules RESTWS, Coder, and Webform Multiple File Upload.   
Open Berkeley Drupal sites managed by IST Web Platform Services are NOT affected. However, ISP is aware there are many unmanaged Drupal sites on campus. Owners of Drupal sites not on the Open Berkeley platform should inspect their configuration immediately.
Successful exploitation of these vulnerabilities will allow remote, arbitrary PHP code execution against affected Drupal sites.
- RESTful Web Services module 7.x-2.x versions prior to 7.x-2.6. 
- RESTful Web Services module 7.x-1.x versions prior to 7.x-1.7. 
- Coder module 7.x-1.x versions prior to 7.x-1.3. 
- Coder module 7.x-2.x versions prior to 7.x-2.6. 
- Webform Multifile module 7.x-1.x versions prior to 7.x-1.4 
- If your Drupal site is not on the Open Berkeley platform, check your configuration for the affected modules and install the available security patches.   
- NOTE: The Coder module vulnerability can be exploited even when the module is disabled. Either uninstall the module or update immediately. 
- Contact IST Web Platform Services for a consultation to have your site hosted and managed on the Open Berkeley platform. Open Berkeley sites regularly receive security updates.