Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

9 matches found

F5 Networks
F5 Networksadded 2023/02/21 6:15 p.m.219 views

K15782: SQL injection vulnerability CVE-2014-3704

Security Advisory Description The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys. CVE-2014-3704 Impact None...

7.5CVSS7.2AI score0.94366EPSS
Exploits20
VulnCheck KEV
VulnCheck KEVadded 2021/04/12 12:0 a.m.0 views

VulnCheck KEV: CVE-2014-3704

The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys...

7.5CVSS7AI score0.94366EPSS
Exploits20References1
UbuntuCve
UbuntuCveadded 2014/10/16 12:55 a.m.57 views

CVE-2014-3704

The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys...

7.5CVSS7AI score0.94366EPSS
Exploits20References4
Prion
Prionadded 2014/10/16 12:55 a.m.23 views

Sql injection

The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys...

7.5CVSS8AI score0.94366EPSS
Exploits20References17Affected Software2
Positive Technologies
Positive Technologiesadded 2014/10/16 12:0 a.m.4 views

PT-2014-5461 · Drupal · Drupal

Name of the Vulnerable Software and Affected Versions: Drupal core versions prior to 7.32 Description: The issue concerns the expandArguments function in the database abstraction API, which does not properly construct prepared statements. This allows remote attackers to conduct SQL injection...

7.5CVSS7.1AI score0.94366EPSS
Exploits20References35
Cvelist
Cvelistadded 2014/10/16 12:0 a.m.25 views

CVE-2014-3704

The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys...

6.8AI score0.94366EPSS
Exploits20References17
Tenable Nessus
Tenable Nessusadded 2014/10/16 12:0 a.m.157 views

Drupal Database Abstraction API SQLi

The remote web server is running a version of Drupal that is affected by a SQL injection vulnerability due to a flaw in the Drupal database abstraction API, which allows a remote attacker to use specially crafted requests that can result in arbitrary SQL execution. This may lead to privilege...

7.5CVSS7.5AI score0.94366EPSS
Exploits20References3
Debian CVE
Debian CVEadded 2014/10/16 12:0 a.m.42 views

CVE-2014-3704

Removed by vendor...

7.5CVSS7AI score0.94366EPSS
Exploits20
Drupal
Drupaladded 2014/10/15 12:0 a.m.768 views

SA-CORE-2014-005 - Drupal core - SQL injection

Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. Depending on the content of the...

7.5CVSS7.6AI score0.94366EPSS
Exploits20References14
Rows per page
Query Builder