Showing 1 - 7 of 7

CVE-2014-3704

Status Candidate

Overview

The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.

Related Files

Mandriva Linux Security Advisory 2015-181: Posted Mar 31, 2015; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2015-181 - Updated drupal packages fix multiple security vulnerabilities.; tags | advisory, vulnerability; systems | linux, mandriva; advisories | CVE-2014-2983, CVE-2014-3704, CVE-2014-5019, CVE-2014-5020, CVE-2014-5021, CVE-2014-5022, CVE-2014-9015, CVE-2014-9016, CVE-2015-2559, CVE-2015-2749, CVE-2015-2750; SHA-256 | 4fece48fbf9967314d0f4f390197211e43659b51085e37d95cea8466124db95a; Download | Favorite | View

Drupal HTTP Parameter Key/Value SQL Injection: Posted Oct 18, 2014; Authored by Brandon Perry, Christian Mehlmauer, SektionEins | Site metasploit.com; This Metasploit module exploits the Drupal HTTP Parameter Key/Value SQL Injection (aka Drupageddon) in order to achieve a remote shell on the vulnerable instance. This Metasploit module was tested against Drupal 7.0 and 7.31 (was fixed in 7.32).; tags | exploit, remote, web, shell, sql injection; advisories | CVE-2014-3704; SHA-256 | 59c783da21c64e0178897d8573702afbd579b90f368e1d6b75b500bd779f1e7d; Download | Favorite | View

Drupal 7.x SQL Injection: Posted Oct 17, 2014; Authored by Milan Kragujevic; Drupal Core versions 7.32 and below remote SQL injection exploit. Written in PHP.; tags | exploit, remote, php, sql injection; advisories | CVE-2014-3704; SHA-256 | 6a679975d4aedf7fae60ac5967b6a7a0f2df824c655818737129b9469834931c; Download | Favorite | View

Drupal Core 7.32 SQL Injection: Posted Oct 17, 2014; Authored by fyukyuk; Drupal Core versions 7.32 and below remote SQL injection exploit. Written in Python.; tags | exploit, remote, sql injection, python; advisories | CVE-2014-3704; SHA-256 | f2134892d4d8b5b802d94df2c65358a4666289ce2461ddd91028b87140992ab9; Download | Favorite | View

Debian Security Advisory 3051-1: Posted Oct 17, 2014; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3051-1 - Stefan Horst discovered a vulnerability in the Drupal database abstraction API, which may result in SQL injection.; tags | advisory, sql injection; systems | linux, debian; advisories | CVE-2014-3704; SHA-256 | b58ac7fafe37dea51b8061aebe0fc05e4f3aa3ce9d45c41142522595831636d3; Download | Favorite | View

Drupal 7.X SQL Injection: Posted Oct 16, 2014; Authored by Claudio Viviani; Drupal versions 7.0 through 7.31 suffer from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; advisories | CVE-2014-3704; SHA-256 | 9334b6a6e29d21e0ca0b95e292aa9748f72a53b287557bce5063375a461b299e; Download | Favorite | View

Drupal 7.31 SQL Injection: Posted Oct 16, 2014; Authored by Stefan Horst; Drupal versions 7.0 through 7.31 suffer from a pre-authentication remote SQL injection vulnerability.; tags | advisory, remote, sql injection; advisories | CVE-2014-3704; SHA-256 | f35969a96fc3edeea7c6ff6dae1ff02d6ed45becae3aa463f435daf8161a7cfc; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 223 files
Ubuntu 61 files
Debian 20 files
LiquidWorm 20 files
Apple 9 files
indoushka 5 files
Gentoo 5 files
Google Security Research 4 files
Alter Prime 3 files
Chokri Hammedi 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,160)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,842)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,249)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,975)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

CVE-2014-3704

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems