
23 matches found

Nuclei
added 2026/06/16 7:13 a.m., 185 views

Drupal SQL Injection

The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing specially crafted keys. id: CVE-2014-3704 info: name: Drupal SQL...

7.5 CVSS, 7.2 AI score, 0.99974 EPSS
Exploits 20, References 7
OpenVAS
added 2022/01/28 12:00 a.m., 26 views

Mageia: Security Advisory (MGASA-2014-0423)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS, 6.5 AI score, 0.99974 EPSS
Exploits 20, References 8
VulnCheck KEV
added 2021/04/12 12:00 a.m., 3 views

VulnCheck KEV: CVE-2014-3704

The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys...

7.5 CVSS, 7 AI score, 0.99974 EPSS
Exploits 20, References 1
Nmap
added 2015/12/14 9:29 p.m., 1442 views

http-vuln-cve2014-3704 NSE Script

Exploits CVE-2014-3704, also known as 'Drupageddon', in Drupal. Versions < 7.32 of Drupal core are known to be affected. Vulnerability allows remote attackers to conduct SQL injection attacks via an array containing crafted keys. The script injects new Drupal administrator user via login form and the...

10 CVSS, 0.99974 EPSS
Exploits 53
seebug.org
added 2014/11/13 12:00 a.m., 64 views

Drupal Core <= 7.32 - SQL Injection (PHP)

No description provided by source. ?php ----------------------------------------------------------------------------- Exploit Title: Drupal core 7.x - SQL Injection Date: Oct 16 2014 Exploit Author: Dustin Dörr Software Link: http://www.drupal.com/ Version: Drupal core 7.x versions prior to 7.32...

7.5 CVSS, 7.2 AI score, 0.99974 EPSS
Exploits 20
F5 Networks
added 2014/11/03 12:00 a.m., 67 views

SOL15782 - SQL injection vulnerability CVE-2014-3704

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

7.5 CVSS, 2.8 AI score, 0.99974 EPSS
Exploits 20, References 4
Tenable Nessus
added 2014/11/03 12:00 a.m., 49 views

Fedora 21 : drupal7-7.32-1.fc21 (2014-12934)

Update to upstream 7.32 security release for SA-CORE-2014-005, CVE-2014-3704 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...

7.5 CVSS, 6.9 AI score, 0.99974 EPSS
Exploits 20, References 3
OpenVAS
added 2014/10/30 12:00 a.m., 69 views

Drupal Core SQLi Vulnerability (SA-CORE-2014-005) - Active Check

Drupal is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal";...

7.5 CVSS, 8.4 AI score, 0.99974 EPSS
Exploits 20, References 2
OpenVAS
added 2014/10/29 12:00 a.m., 37 views

Fedora Update for drupal7 FEDORA-2014-13030

Check the version of drupal7 SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868440";...

7.5 CVSS, 8 AI score, 0.99974 EPSS
Exploits 20, References 2
OSV
added 2014/10/25 8:23 p.m., 13 views

MGASA-2014-0423 Updated drupal packages fix security vulnerability

An SQL Injection issue exists in Drupal before 7.32 due to the way the Drupal core handles prepared statements. A malicious user can inject arbitrary SQL queries, and thereby completely control the Drupal site. This vulnerability can be exploited by remote attackers without any kind of...

7.5 CVSS, 7.4 AI score, 0.99974 EPSS
Exploits 20, References 7
myhack58
added 2014/10/22 12:00 a.m., 41 views

Drupal 7.x SQL Injection exp (CVE-2014-3704) - vulnerability warning - the black bar safety net

| 1 | import urllib2,sys ---|--- 2 | from drupalpass import DrupalHash https://github.com/cvangysel/gitexd-drupalorg/blob/master/drupalorg/drupalpass.py ---|--- 3 | if lensys. argv != 4: ---|--- 4 | print "" ---|--- 5 | print "python 7.xSQL.py admin 1 2 3 4 5 6" ---|--- 6 | print "" ---|--- 7 |...

7.2 AI score
Exploits 0
0day.today
added 2014/10/18 12:00 a.m., 171 views

Drupal HTTP Parameter Key/Value SQL Injection Vulnerability

This Metasploit module exploits the Drupal HTTP Parameter Key/Value SQL Injection (aka Drupageddon) in order to achieve a remote shell on the vulnerable instance. This Metasploit module was tested against Drupal 7.0 and 7.31 (was fixed in 7.32). This module requires Metasploit:...

7.5 CVSS, 0.1 AI score, 0.99974 EPSS
Exploits 20
Hacker One
added 2014/10/17 10:50 a.m., 461 views

Internet Bug Bounty: Drupal 7 pre auth sql injection and remote code execution

Motivation I found a SQL Injection bug in Drupal $value ... $newkeys$key . '' . $i = $value; The function assumes that it is called with an array which has no keys. Example: dbquery"SELECT FROM users where name IN :name", array':name'=array'user1','user2'; Which results in this SQL Statement SELE...

7.5 CVSS, 8.3 AI score, 0.99974 EPSS
Exploits 20
exploitpack
added 2014/10/17 12:00 a.m., 253 views

Drupal 7.0 < 7.31 - Drupalgeddon SQL Injection (PoC) (Reset Password) (2)

Drupal 7.0 7.31 - Drupalgeddon SQL Injection PoC Reset Password 2 array 'method' = 'POST', 'header' = "Content-Type: application/x-www-form-urlencoded\r\n", 'content' = $postdata ; $ctx = streamcontextcreate$params; $data = filegetcontents$url . '?q=node&destination=node', null, $ctx;...

7.5 CVSS, 0.2 AI score, 0.99974 EPSS
Exploits 20
Exploit DB
added 2014/10/17 12:00 a.m., 111 views

Drupal 7.0 < 7.31 - 'Drupalgeddon' SQL Injection (PoC) (Reset Password) (2)

array 'method' = 'POST', 'header' = "Content-Type: application/x-www-form-urlencoded\r\n", 'content' = $postdata ; $ctx = streamcontextcreate$params; $data = filegetcontents$url . '?q=node&destination=node', null, $ctx; ifstristr$data, 'mbstrlen expects parameter 1 to be string' && $data echo...

7.5 CVSS, 7.2 AI score, 0.99974 EPSS
Exploits 20
NVD
added 2014/10/16 12:55 a.m., 23 views

CVE-2014-3704

The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys...

7.5 CVSS, 7.3 AI score, 0.99974 EPSS
Exploits 20, References 17
UbuntuCve
added 2014/10/16 12:55 a.m., 62 views

CVE-2014-3704

The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys...

7.5 CVSS, 7 AI score, 0.99974 EPSS
Exploits 20, References 4
Cvelist
added 2014/10/16 12:00 a.m., 30 views

CVE-2014-3704

The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys...

6.8 AI score, 0.99974 EPSS
Exploits 20, References 17
CVE
added 2014/10/16 12:00 a.m., 409 views

CVE-2014-3704

CVE-2014-3704 affects Drupal core 7.x; the expandArguments function in the database abstraction API does not properly construct prepared statements, enabling remote SQL injection via an array with crafted keys. Affected are Drupal core 7.x prior to 7.32 (pre-auth vulnerability). Potential impact ...

7.5 CVSS, 7 AI score, 0.99974 EPSS
Exploits 20, References 17, Affected Software 1
Circl
added 2014/10/16 12:00 a.m., 26 views

CVE-2014-3704

creationtimestamp| type| source ---|---|--- 2014-10-16 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/34984 2014-10-17 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/34992 2014-10-17 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/34993 2014-11-03...

7.5 CVSS, 7 AI score, 0.99974 EPSS
Exploits 20, References 6