A security advisory issued by Drupal assumes that every installation of the popular CMS based in the version 7.x was compromised unless patched.