Description
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.
Solution(s)
drupal-cve-2014-3704
Referenceshttps://attackerkb.com/topics/cve-2014-3704 70595 CVE - 2014-3704 DSA-3051 https://www.drupal.org/SA-CORE-2014-005
Source Sites
Subscribe to an RSS Feed
Blog Archive
- August 2020 (560)
- September 2020 (1436)
- October 2020 (1159)
- November 2020 (1093)
- December 2020 (1314)
- January 2021 (1645)
- February 2021 (1414)
- March 2021 (1221)
- April 2021 (1028)
- May 2021 (986)
- June 2021 (528)
- July 2021 (622)
- August 2021 (748)
- September 2021 (728)
- October 2021 (1130)
- November 2021 (911)
- December 2021 (668)
- January 2022 (627)
- February 2022 (553)
- March 2022 (348)
- April 2022 (169)
- May 2022 (37)