VYPR
Unrated severityNVD Advisory· Published Oct 16, 2014· Updated Jun 17, 2026

CVE-2014-3704

CVE-2014-3704

Description

The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Drupal/Drupal2 versions
    cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*range: >=7.0,<7.32
    • (no CPE)range: < 7.32
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

17

News mentions

0

No linked articles in our index yet.