CVE-2014-3704

The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.openwall.com/lists/oss-security/2014/10/15/23	Exploit Mailing List Patch
https://www.drupal.org/SA-CORE-2014-005	Patch Vendor Advisory
https://www.sektioneins.de/en/advisories/advisory-012014-drupal-pre-auth-sql-injection-vulnerability.html	Exploit Patch Third Party Advisory
http://www.debian.org/security/2014/dsa-3051	Third Party Advisory
http://secunia.com/advisories/59972	Third Party Advisory
http://www.exploit-db.com/exploits/34993	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/128741/Drupal-HTTP-Parameter-Key-Value-SQL-Injection.html	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/128721/Drupal-7.31-SQL-Injection.html	Exploit Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/70595	Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2014/Oct/75	Exploit Mailing List Patch Third Party Advisory
http://packetstormsecurity.com/files/128720/Drupal-7.X-SQL-Injection.html	Exploit Third Party Advisory VDB Entry
https://www.sektioneins.de/en/blog/14-11-03-drupal-sql-injection-vulnerability-PoC.html	Exploit Third Party Advisory
http://osvdb.org/show/osvdb/113371	Broken Link
http://www.exploit-db.com/exploits/34984	Exploit Third Party Advisory VDB Entry
http://www.exploit-db.com/exploits/34992	Exploit Third Party Advisory VDB Entry
http://www.exploit-db.com/exploits/35150	Exploit Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/533706/100/0/threaded	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Information

Published : 2014-10-15 17:55

Updated : 2021-09-29 07:08

NVD link : CVE-2014-3704

Mitre link : CVE-2014-3704

JSON object : View

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Products Affected

debian

debian_linux

drupal

drupal

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.openwall.com/lists/oss-security/2014/10/15/23", "name": "[oss-security] 20141015 Advisory 01/2014: Drupal7 - pre Auth SQL Injection Vulnerability", "tags": ["Exploit", "Mailing List", "Patch"], "refsource": "MLIST"}, {"url": "https://www.drupal.org/SA-CORE-2014-005", "name": "https://www.drupal.org/SA-CORE-2014-005", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://www.sektioneins.de/en/advisories/advisory-012014-drupal-pre-auth-sql-injection-vulnerability.html", "name": "https://www.sektioneins.de/en/advisories/advisory-012014-drupal-pre-auth-sql-injection-vulnerability.html", "tags": ["Exploit", "Patch", "Third Party Advisory"], "refsource": "MISC"}, {"url": "http://www.debian.org/security/2014/dsa-3051", "name": "DSA-3051", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "http://secunia.com/advisories/59972", "name": "59972", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.exploit-db.com/exploits/34993", "name": "34993", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "refsource": "EXPLOIT-DB"}, {"url": "http://packetstormsecurity.com/files/128741/Drupal-HTTP-Parameter-Key-Value-SQL-Injection.html", "name": "http://packetstormsecurity.com/files/128741/Drupal-HTTP-Parameter-Key-Value-SQL-Injection.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "refsource": "MISC"}, {"url": "http://packetstormsecurity.com/files/128721/Drupal-7.31-SQL-Injection.html", "name": "http://packetstormsecurity.com/files/128721/Drupal-7.31-SQL-Injection.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/70595", "name": "70595", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://seclists.org/fulldisclosure/2014/Oct/75", "name": "20141016 Advisory 01/2014: Drupal7 - pre Auth SQL Injection Vulnerability", "tags": ["Exploit", "Mailing List", "Patch", "Third Party Advisory"], "refsource": "FULLDISC"}, {"url": "http://packetstormsecurity.com/files/128720/Drupal-7.X-SQL-Injection.html", "name": "http://packetstormsecurity.com/files/128720/Drupal-7.X-SQL-Injection.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "refsource": "MISC"}, {"url": "https://www.sektioneins.de/en/blog/14-11-03-drupal-sql-injection-vulnerability-PoC.html", "name": "https://www.sektioneins.de/en/blog/14-11-03-drupal-sql-injection-vulnerability-PoC.html", "tags": ["Exploit", "Third Party Advisory"], "refsource": "MISC"}, {"url": "http://osvdb.org/show/osvdb/113371", "name": "113371", "tags": ["Broken Link"], "refsource": "OSVDB"}, {"url": "http://www.exploit-db.com/exploits/34984", "name": "34984", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "refsource": "EXPLOIT-DB"}, {"url": "http://www.exploit-db.com/exploits/34992", "name": "34992", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "refsource": "EXPLOIT-DB"}, {"url": "http://www.exploit-db.com/exploits/35150", "name": "35150", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "refsource": "EXPLOIT-DB"}, {"url": "http://www.securityfocus.com/archive/1/533706/100/0/threaded", "name": "20141015 Advisory 01/2014: Drupal7 - pre Auth SQL Injection Vulnerability", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-89"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-3704", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2014-10-16T00:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "7.32", "versionStartIncluding": "7.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2021-09-29T14:08Z"}

7.5 /10