Unrated severityNVD Advisory· Published Oct 16, 2014· Updated Jun 17, 2026
CVE-2014-3704
CVE-2014-3704
Description
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3Patches
Vulnerability mechanics
References
17- www.drupal.org/SA-CORE-2014-005nvdPatchVendor Advisory
- packetstormsecurity.com/files/128720/Drupal-7.X-SQL-Injection.htmlnvdExploitThird Party AdvisoryVDB Entry
- packetstormsecurity.com/files/128721/Drupal-7.31-SQL-Injection.htmlnvdExploitThird Party AdvisoryVDB Entry
- packetstormsecurity.com/files/128741/Drupal-HTTP-Parameter-Key-Value-SQL-Injection.htmlnvdExploitThird Party AdvisoryVDB Entry
- seclists.org/fulldisclosure/2014/Oct/75nvdExploitMailing ListPatchThird Party Advisory
- www.exploit-db.com/exploits/34984nvdExploitThird Party AdvisoryVDB Entry
- www.exploit-db.com/exploits/34992nvdExploitThird Party AdvisoryVDB Entry
- www.exploit-db.com/exploits/34993nvdExploitThird Party AdvisoryVDB Entry
- www.exploit-db.com/exploits/35150nvdExploitThird Party AdvisoryVDB Entry
- www.openwall.com/lists/oss-security/2014/10/15/23nvdExploitMailing ListPatch
- www.sektioneins.de/en/advisories/advisory-012014-drupal-pre-auth-sql-injection-vulnerability.htmlnvdExploitPatchThird Party Advisory
- www.sektioneins.de/en/blog/14-11-03-drupal-sql-injection-vulnerability-PoC.htmlnvdExploitThird Party Advisory
- secunia.com/advisories/59972nvdThird Party Advisory
- www.debian.org/security/2014/dsa-3051nvdThird Party Advisory
- www.securityfocus.com/archive/1/533706/100/0/threadednvdThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/70595nvdThird Party AdvisoryVDB Entry
- osvdb.org/show/osvdb/113371nvdBroken Link
News mentions
0No linked articles in our index yet.