Signature Detail

HTTP: Drupal Core database.inc expandArguments SQL Injection

A SQL injection vulnerability has been found in Drupal Core. The vulnerability is due to insufficient validation of user-supplied data when expanding argument values used in SQL queries. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted parameter to a Drupal Core server. Successful exploitation could lead to arbitrary code execution under the security context of the server.

Extended Description

The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.

Affected Products

• Drupal drupal_core 7.0
• Drupal drupal_core 7.01
• Drupal drupal_core 7.02
• Drupal drupal_core 7.03
• Drupal drupal_core 7.04
• Drupal drupal_core 7.05
• Drupal drupal_core 7.06
• Drupal drupal_core 7.07
• Drupal drupal_core 7.08
• Drupal drupal_core 7.09
• Drupal drupal_core 7.10
• Drupal drupal_core 7.11
• Drupal drupal_core 7.12
• Drupal drupal_core 7.13
• Drupal drupal_core 7.14
• Drupal drupal_core 7.15
• Drupal drupal_core 7.16
• Drupal drupal_core 7.17
• Drupal drupal_core 7.18
• Drupal drupal_core 7.19
• Drupal drupal_core 7.20
• Drupal drupal_core 7.21
• Drupal drupal_core 7.22
• Drupal drupal_core 7.23
• Drupal drupal_core 7.24
• Drupal drupal_core 7.25
• Drupal drupal_core 7.26
• Drupal drupal_core 7.27
• Drupal drupal_core 7.28
• Drupal drupal_core 7.29
• Drupal drupal_core 7.30
• Drupal drupal_core 7.31

References

• CVE: CVE-2014-3704