Drupal SQL injection

A vulnerability in Drupal's database query sanitizing API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. Depending on the content of the requests this can lead to privilege escalation, arbitrary PHP execution, or other attacks.

Please see https://www.drupal.org/SA-CORE-2014-005 for further details, and investigate upgrading or patching vulnerable installations as soon as possible. 


Please sign in to leave a comment.