Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Drupal Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2014-3704 - Vulnerability Database
Drupal

Drupal Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2014-3704

High
Reference: CVE-2014-3704
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2014-3704
Title: Drupal Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.