CVE-2014-3704 in Drupalinfo

Summary

The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

05/14/2014

Disclosure

10/15/2014

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
68037	Drupal Database Abstraction API expandArguments sql injection	89	High	Official fix	CVE-2014-3704

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

MITRE
NVD
CVE Details

◂ PreviousOverviewNext ▸

Might our Artificial Intelligence support you?

Check our Alexa App!