Drupal:

• Used by 1.5% of sites
• 2.4% of CMS market

Attack

Enable PHP Filters module, to allow embedded PHP code/snippets to be evaluated. (From version 8, PHP filters is not installed by default)

Upload a backdoored module.