CVE-2014-3704
Scores
EPSS Score
0.9440
CVSS
3.x 0.0
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
All CVSS Scores
CVSS 4.0: 0.0
CVSS 3.x: 0.0
CVSS 2.0: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Description
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.
Sources
debian, nvd, ubuntu
CWEs
CWE-89
Vulnerable Software
Type: Configuration
Product: drupal6
Operating System: debian
Trait:
{
"unaffected": true
}
Source: debian
Type: Configuration
Product: drupal7
Operating System: ubuntu trusty 14.04
Trait:
{
"fixed": "7.26-1ubuntu0.1"
}
Source: ubuntu
Type: Configuration
Product: drupal7
Operating System: debian
Trait:
{
"fixed": "7.32-1"
}
Source: debian
Type: Configuration
Vendor: debian
Product: debian_linux
Operating System: * * *
Trait:
{
"cpe_match": [
{
"cpe23uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"operator": "OR"
}
Source: nvd
Type: Configuration
Vendor: drupal
Product: drupal
Operating System: * * *
Trait:
{
"cpe_match": [
{
"cpe23uri": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.32",
"versionStartIncluding": "7.0",
"vulnerable": true
}
],
"operator": "OR"
}
Source: nvd