Short Name |
HTTP:SQL:INJ:DRUPAL-DATABASE |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Drupal Core database.inc expandArguments SQL Injection |
Release Date |
2015/06/12 |
Update Number |
2504 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
A SQL injection vulnerability has been found in Drupal Core. The vulnerability is due to insufficient validation of user-supplied data when expanding argument values used in SQL queries. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted parameter to a Drupal Core server. Successful exploitation could lead to arbitrary code execution under the security context of the server.
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.