Durpal security team have just patched the critical Access Bypass vulnerability on Durpal core, that give attacker full control over your site. This Access Bypass Bug which is dubbed as CVE-2017-6919 is been affected to Durpal 8.x not to the earlier version.
A site is only affected by this if all of the following conditions are met:
- The site has the RESTful Web Services (rest) module enabled.
- The site allows PATCH requests.
- An attacker can get or register a user account on the site.