Drupal has released patches to set of Remote Code Execution vulnerabilities. Some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases.
If your site have a one of these conditions. Your site is vulnerable to this exploit:
(Note: The Drupal 7 Services module itself does not require an update at this time, but you should still apply other contributed updates associated with this advisory if Services is in use.)
TechCERT recommends applying following security patch updates at your earliest if you have any Drupal installation.