CVE-2014-3704
Currently unrated 🤨
Key Information
- Vendor
- Drupal
- Status
- Drupal
- Vendor
- CVE Published:
- 16 October 2014
Badges
👾 Exploit Exists🔴 Public PoC🟣 EPSS 97%
Summary
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
EPSS Score
97% chance of being exploited in the next 30 days.
Timeline
- 👾
Exploit exists.
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database2 Proof of Concept(s)