SQL Injection Vulnerability in Drupal Core 7.x by Acquia
CVE-2014-3704
Currently unrated
Key Information:
Badges
👾 Exploit Exists🟡 Public PoC🟣 EPSS 94%
What is CVE-2014-3704?
The expandArguments function in the database abstraction API of Drupal Core 7.x prior to version 7.32 fails to construct prepared statements properly. This vulnerability enables remote attackers to execute SQL injection attacks by sending specially crafted arrays, potentially leading to unauthorized access to sensitive data or complete system compromise.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.