23 matches found
Drupal SQL Injection
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing specially crafted keys. id: CVE-2014-3704 info: name: Drupal SQL...
Mageia: Security Advisory (MGASA-2014-0423)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
VulnCheck KEV: CVE-2014-3704
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys...
http-vuln-cve2014-3704 NSE Script
Exploits CVE-2014-3704, also known as 'Drupageddon', in Drupal. Versions < 7.32 of Drupal core are known to be affected. Vulnerability allows remote attackers to conduct SQL injection attacks via an array containing crafted keys. The script injects new Drupal administrator user via login form and the...
Drupal Core <= 7.32 - SQL Injection (PHP)
No description provided by source. ?php ----------------------------------------------------------------------------- Exploit Title: Drupal core 7.x - SQL Injection Date: Oct 16 2014 Exploit Author: Dustin Dörr Software Link: http://www.drupal.com/ Version: Drupal core 7.x versions prior to 7.32...
SOL15782 - SQL injection vulnerability CVE-2014-3704
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents. SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
Fedora 21 : drupal7-7.32-1.fc21 (2014-12934)
Update to upstream 7.32 security release for SA-CORE-2014-005, CVE-2014-3704 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...
Drupal Core SQLi Vulnerability (SA-CORE-2014-005) - Active Check
Drupal is prone to an SQL injection (SQLi) vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal";...
Fedora Update for drupal7 FEDORA-2014-13030
Check the version of drupal7 SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description) { script_oid("1.3.6.1.4.1.25623.1.0.868440");...
MGASA-2014-0423 Updated drupal packages fix security vulnerability
An SQL Injection issue exists in Drupal before 7.32 due to the way the Drupal core handles prepared statements. A malicious user can inject arbitrary SQL queries, and thereby completely control the Drupal site. This vulnerability can be exploited by remote attackers without any kind of...
Drupal 7.x SQL Injection exp (CVE-2014-3704) - vulnerability warning - the black bar safety net
| 1 | import urllib2,sys ---|--- 2 | from drupalpass import DrupalHash https://github.com/cvangysel/gitexd-drupalorg/blob/master/drupalorg/drupalpass.py ---|--- 3 | if lensys. argv != 4: ---|--- 4 | print "" ---|--- 5 | print "python 7.xSQL.py admin 1 2 3 4 5 6" ---|--- 6 | print "" ---|--- 7 |...
Drupal HTTP Parameter Key/Value SQL Injection Vulnerability
This Metasploit module exploits the Drupal HTTP Parameter Key/Value SQL Injection (aka Drupageddon) in order to achieve a remote shell on the vulnerable instance. This Metasploit module was tested against Drupal 7.0 and 7.31 (was fixed in 7.32). This module requires Metasploit:...
Internet Bug Bounty: Drupal 7 pre auth sql injection and remote code execution
Motivation: I found a SQL Injection bug in Drupal $value ... $new_keys[$key . '_' . $i] = $value; The function assumes that it is called with an array which has no keys. Example: db_query("SELECT * FROM {users} where name IN (:name)", array(':name'=>array('user1','user2'))); Which results in this SQL Statement SELE...
Drupal 7.0 < 7.31 - Drupalgeddon SQL Injection (PoC) (Reset Password) (2)
Drupal 7.0 7.31 - Drupalgeddon SQL Injection PoC Reset Password 2 array 'method' = 'POST', 'header' = "Content-Type: application/x-www-form-urlencoded\r\n", 'content' = $postdata ; $ctx = streamcontextcreate$params; $data = filegetcontents$url . '?q=node&destination=node', null, $ctx;...
Drupal 7.0 < 7.31 - 'Drupalgeddon' SQL Injection (PoC) (Reset Password) (2)
array 'method' = 'POST', 'header' = "Content-Type: application/x-www-form-urlencoded\r\n", 'content' = $postdata ; $ctx = streamcontextcreate$params; $data = filegetcontents$url . '?q=node&destination=node', null, $ctx; ifstristr$data, 'mbstrlen expects parameter 1 to be string' && $data echo...
CVE-2014-3704
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys...
CVE-2014-3704
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys...
CVE-2014-3704
Removed by vendor...
CVE-2014-3704
CVE-2014-3704 affects Drupal core 7.x; the expandArguments function in the database abstraction API does not properly construct prepared statements, enabling remote SQL injection via an array with crafted keys. Affected are Drupal core 7.x prior to 7.32 (pre-auth vulnerability). Potential impact ...
CVE-2014-3704
creationtimestamp | type | source
---|---|---
2014-10-16 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/34984
2014-10-17 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/34992
2014-10-17 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/34993
2014-11-03...