The security hole, tracked as CVE-2019-6340, is caused by the lack of proper data sanitization in some field types, which, in some cases, can allow an attacker to execute arbitrary PHP code, Drupal developers said. The issue was discovered by Samuel Mortenson of the Drupal Security Team. Exploitation of CVE-2019-6340 is possible if the core…