Your submission was sent successfully! Close

CVE-2014-3704

Published: 16 October 2014

The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.

Priority

Medium

Status

Package Release Status
drupal6
Launchpad, Ubuntu, Debian
lucid Not vulnerable

precise Not vulnerable

trusty Does not exist

upstream Not vulnerable

utopic Does not exist

drupal7
Launchpad, Ubuntu, Debian
lucid Does not exist

precise
Released (7.12-1ubuntu0.1)
trusty Does not exist
(trusty was released [7.26-1ubuntu0.1])
upstream
Released (7.32-1)
utopic Not vulnerable
(7.32-1)