This module enables you to expose #Drupal entities as RESTful web services.
RESTWS alters the default page callbacks for entities to provide additional functionality.
A #vulnerability in this approach allows an attacker to send specially crafted requests resulting in arbitrary #PHP execution.
There are no mitigating factors. This vulnerability can be exploited by anonymous users.
More info: http://s.ibscc.net/LqXJM