Current tag: drupal
Drupal 7 SQL Injection (CVE-2014-3704)
Written on:October 17, 2014

Introduction This vuln has been getting a lot of attention, and rightfully so. The good news is an update is available (and a supplemental patch has been released as well). The bad news is that it’s pre-auth SQLi. The basic problem is the way Drupal core 7.x versions prior to 7.32 construct a SQL query. Contrary to some claims, this is not a flaw in the use of prepared statements/parameterized queries, which…
Read more...In category: Exploits, Web Security
Tags:cve , CVE-2014-3704 , drupal , exploit , injection , poc , proof of concept , sql , sql injection , sqli
Tags:cve , CVE-2014-3704 , drupal , exploit , injection , poc , proof of concept , sql , sql injection , sqli
are closed