A PHP application running on the remote web server is affected by multiple vulnerabilities.
According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.62, 8.5.x prior to 8.5.9, or 8.6.x prior to 8.6.6. It is, therefore, affected by multiple phar handling vulnerabilities. An unauthenticated attacker could leverage these vulnerabilities to potentially perform remote code execution attacks and gain access in the context the web server user.
Upgrade to Drupal version 7.60 / 8.5.8 / 8.6.2 or later.