This problem was disclosed on the 15t of October that Drupal 7 was highly vulnerable to SQL injection. Read More