The Qualys WAS scanning engine has been updated with a new detection for CVE-2019-6340, a remote code execution (RCE) vulnerability in the Drupal CMS. To exploit this vulnerability, an attacker submits a specially-crafted request that includes serialized PHP code. Ensure that QID 150235 is enabled in your WAS vulnerability scans to test for this issue. More details about the vulnerability can be found at https://www.drupal.org/sa-core-2019-003.
This new detection is part of an ongoing effort to provide support for known vulnerabilities in application frameworks.