Drupalgeddon 2 (CVE-2018-7600)
Drupalgeddon 2 is the Drupal Form API RCE that drove mass-exploitation of every unpatched Drupal site within hours of disclosure.
Definition
Drupalgeddon 2 (CVE-2018-7600) is a remote code execution vulnerability in Drupal 7 and 8 Form API handling. A crafted request to Drupal's render array system reached attacker-controlled callable invocation, executing arbitrary PHP. The original "Drupalgeddon" (CVE-2014-3704) was a SQL injection three years earlier; "Drupalgeddon 2" is the unrelated 2018 follow-up.
Mitigation
Apply the Drupal 7.58 / 8.3.9 / 8.4.6 / 8.5.1 patches.