The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.
osvdb.org/show/osvdb/113371
packetstormsecurity.com/files/128720/Drupal-7.X-SQL-Injection.html
packetstormsecurity.com/files/128721/Drupal-7.31-SQL-Injection.html
packetstormsecurity.com/files/128741/Drupal-HTTP-Parameter-Key-Value-SQL-Injection.html
seclists.org/fulldisclosure/2014/Oct/75
secunia.com/advisories/59972
www.debian.org/security/2014/dsa-3051
www.exploit-db.com/exploits/34984
www.exploit-db.com/exploits/34992
www.exploit-db.com/exploits/34993
www.exploit-db.com/exploits/35150
www.openwall.com/lists/oss-security/2014/10/15/23
www.securityfocus.com/archive/1/533706/100/0/threaded
www.securityfocus.com/bid/70595
www.drupal.org/SA-CORE-2014-005
www.sektioneins.de/en/advisories/advisory-012014-drupal-pre-auth-sql-injection-vulnerability.html
www.sektioneins.de/en/blog/14-11-03-drupal-sql-injection-vulnerability-PoC.html