This script is (C) 2006-2011 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
The Drupal team reports :
Vulnerability: SQL injection
A security vulnerability in the database layer allowed certain queries
to be submitted to the database without going through Drupal's query
Vulnerability: Execution of arbitrary files
Certain -- alas, typical -- configurations of Apache allows execution
of carefully named arbitrary scripts in the files directory. Drupal
now will attempt to automatically create a .htaccess file in your
'files' directory to protect you.
See also :
Update the affected package.
Risk factor :
High / CVSS Base Score : 7.5