drupalgeddon2 RCE Vulnerability can fully compromise a Drupal instance of version 7.x and 8.x. It allow the attacker to execute arbitrary code on the victim machine without authorization.

Back in 2014, a SQLi in Drupal was discovered so serious that in a matter of hours it allowed to automate attacks that compromised hundreds or perhaps thousands of vulnerable servers.