Internet Bug Bounty: Drupal 7 pre auth sql injection and remote code execution
Motivation I found a SQL Injection bug in Drupal $value ... $newkeys$key . '' . $i = $value; The function assumes that it is called with an array which has no keys. Example: dbquery"SELECT FROM users where name IN :name", array':name'=array'user1','user2'; Which results in this SQL Statement SELE...