Showing 1 - 7 of 7

CVE-2014-3704

Status Candidate

Overview

The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.

Related Files

Mandriva Linux Security Advisory 2015-181: Posted Mar 31, 2015; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2015-181 - Updated drupal packages fix multiple security vulnerabilities.; tags | advisory, vulnerability; systems | linux, mandriva; advisories | CVE-2014-2983, CVE-2014-3704, CVE-2014-5019, CVE-2014-5020, CVE-2014-5021, CVE-2014-5022, CVE-2014-9015, CVE-2014-9016, CVE-2015-2559, CVE-2015-2749, CVE-2015-2750; MD5 | 0240fabab23e9a0a598709267a074bb3; Download | Favorite | Comments (0)

Drupal HTTP Parameter Key/Value SQL Injection: Posted Oct 18, 2014; Authored by Brandon Perry, Christian Mehlmauer, SektionEins | Site metasploit.com; This Metasploit module exploits the Drupal HTTP Parameter Key/Value SQL Injection (aka Drupageddon) in order to achieve a remote shell on the vulnerable instance. This Metasploit module was tested against Drupal 7.0 and 7.31 (was fixed in 7.32).; tags | exploit, remote, web, shell, sql injection; advisories | CVE-2014-3704; MD5 | a8306d84d19d3095b312666b206546a1; Download | Favorite | Comments (0)

Drupal 7.x SQL Injection: Posted Oct 17, 2014; Authored by Milan Kragujevic; Drupal Core versions 7.32 and below remote SQL injection exploit. Written in PHP.; tags | exploit, remote, php, sql injection; advisories | CVE-2014-3704; MD5 | 4374a49993ddf148ef027f0be432f32c; Download | Favorite | Comments (0)

Drupal Core 7.32 SQL Injection: Posted Oct 17, 2014; Authored by fyukyuk; Drupal Core versions 7.32 and below remote SQL injection exploit. Written in Python.; tags | exploit, remote, sql injection, python; advisories | CVE-2014-3704; MD5 | 1e5dc71fd7b0abe1041c10cd3b5d6936; Download | Favorite | Comments (0)

Debian Security Advisory 3051-1: Posted Oct 17, 2014; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3051-1 - Stefan Horst discovered a vulnerability in the Drupal database abstraction API, which may result in SQL injection.; tags | advisory, sql injection; systems | linux, debian; advisories | CVE-2014-3704; MD5 | 699b6ce677aa0c81fbfe82879530da48; Download | Favorite | Comments (0)

Drupal 7.X SQL Injection: Posted Oct 16, 2014; Authored by Claudio Viviani; Drupal versions 7.0 through 7.31 suffer from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; advisories | CVE-2014-3704; MD5 | 8244a1135ddb4e99909b9a3e3d2bce43; Download | Favorite | Comments (0)

Drupal 7.31 SQL Injection: Posted Oct 16, 2014; Authored by Stefan Horst; Drupal versions 7.0 through 7.31 suffer from a pre-authentication remote SQL injection vulnerability.; tags | advisory, remote, sql injection; advisories | CVE-2014-3704; MD5 | dc7a6339ae60c1eec1fa92e072331db4; Download | Favorite | Comments (0)

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 62 files
Ihsan Sencan 48 files
Google Security Research 39 files
Ubuntu 38 files
Ismail Tasdelen 30 files
Debian 16 files
Jann Horn 9 files
LiquidWorm 9 files
Ivan Fratric 9 files
ianbeer 8 files

File Archives

Systems

AIX (411)
Apple (1,586)
BSD (341)
Cisco (1,827)
Debian (5,617)
Fedora (1,683)
FreeBSD (1,201)
Gentoo (3,598)
HPUX (867)
iOS (190)
iPhone (104)
IRIX (219)
Juniper (66)
Linux (34,187)
Mac OS X (653)
Mandriva (3,105)
NetBSD (255)
OpenBSD (458)
RedHat (6,824)
Slackware (858)
Solaris (1,575)
SUSE (1,444)
Ubuntu (5,843)
UNIX (8,350)
UnixWare (174)
Windows (5,386)
Other

CVE-2014-3704

Overview

Related Files

File Archive:

October 2018

Top Authors In Last 30 Days

File Tags

File Archives

Systems