1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: Drupal SQL Injection CVE-2014-3704 2

Web Attack: Drupal SQL Injection CVE-2014-3704 2

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit an SQL Injection vulnerability in Drupal core.

Additional Information

Drupal is a content manager.

Drupal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Specifically, this issue affects in the database abstraction API.

Exploiting this issue could allow an attacker to execute arbitrary code, to gain elevated privileges and to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Affected

  • Drupal 7.x versions prior to 7.32 are vulnerable.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube