Showing 1 - 7 of 7

CVE-2014-3704

Status Candidate

Overview

The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.

Related Files

Mandriva Linux Security Advisory 2015-181: Posted Mar 31, 2015; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2015-181 - Updated drupal packages fix multiple security vulnerabilities.; tags | advisory, vulnerability; systems | linux, mandriva; advisories | CVE-2014-2983, CVE-2014-3704, CVE-2014-5019, CVE-2014-5020, CVE-2014-5021, CVE-2014-5022, CVE-2014-9015, CVE-2014-9016, CVE-2015-2559, CVE-2015-2749, CVE-2015-2750; MD5 | 0240fabab23e9a0a598709267a074bb3; Download | Favorite | Comments (0)

Drupal HTTP Parameter Key/Value SQL Injection: Posted Oct 18, 2014; Authored by Brandon Perry, Christian Mehlmauer, SektionEins | Site metasploit.com; This Metasploit module exploits the Drupal HTTP Parameter Key/Value SQL Injection (aka Drupageddon) in order to achieve a remote shell on the vulnerable instance. This Metasploit module was tested against Drupal 7.0 and 7.31 (was fixed in 7.32).; tags | exploit, remote, web, shell, sql injection; advisories | CVE-2014-3704; MD5 | a8306d84d19d3095b312666b206546a1; Download | Favorite | Comments (0)

Drupal 7.x SQL Injection: Posted Oct 17, 2014; Authored by Milan Kragujevic; Drupal Core versions 7.32 and below remote SQL injection exploit. Written in PHP.; tags | exploit, remote, php, sql injection; advisories | CVE-2014-3704; MD5 | 4374a49993ddf148ef027f0be432f32c; Download | Favorite | Comments (0)

Drupal Core 7.32 SQL Injection: Posted Oct 17, 2014; Authored by fyukyuk; Drupal Core versions 7.32 and below remote SQL injection exploit. Written in Python.; tags | exploit, remote, sql injection, python; advisories | CVE-2014-3704; MD5 | 1e5dc71fd7b0abe1041c10cd3b5d6936; Download | Favorite | Comments (0)

Debian Security Advisory 3051-1: Posted Oct 17, 2014; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3051-1 - Stefan Horst discovered a vulnerability in the Drupal database abstraction API, which may result in SQL injection.; tags | advisory, sql injection; systems | linux, debian; advisories | CVE-2014-3704; MD5 | 699b6ce677aa0c81fbfe82879530da48; Download | Favorite | Comments (0)

Drupal 7.X SQL Injection: Posted Oct 16, 2014; Authored by Claudio Viviani; Drupal versions 7.0 through 7.31 suffer from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; advisories | CVE-2014-3704; MD5 | 8244a1135ddb4e99909b9a3e3d2bce43; Download | Favorite | Comments (0)

Drupal 7.31 SQL Injection: Posted Oct 16, 2014; Authored by Stefan Horst; Drupal versions 7.0 through 7.31 suffer from a pre-authentication remote SQL injection vulnerability.; tags | advisory, remote, sql injection; advisories | CVE-2014-3704; MD5 | dc7a6339ae60c1eec1fa92e072331db4; Download | Favorite | Comments (0)

Page 1 of 1 Back 1 Next

Want To Donate?

Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

Top Authors In Last 30 Days

Red Hat 134 files
Ubuntu 42 files
Debian 30 files
Borna Nematzadeh 14 files
Google Security Research 11 files
Slackware Security Team 11 files
LiquidWorm 10 files
Gentoo 9 files
hyp3rlinx 8 files
t4rkd3vilz 8 files

File Archives

Systems

AIX (409)
Apple (1,546)
BSD (335)
Cisco (1,810)
Debian (5,514)
Fedora (1,681)
FreeBSD (1,195)
Gentoo (3,570)
HPUX (865)
iOS (173)
iPhone (103)
IRIX (219)
Juniper (66)
Linux (33,448)
Mac OS X (652)
Mandriva (3,105)
NetBSD (255)
OpenBSD (456)
RedHat (6,531)
Slackware (825)
Solaris (1,569)
SUSE (1,444)
Ubuntu (5,628)
UNIX (8,267)
UnixWare (172)
Windows (5,332)
Other