VDB

GCVE-110-MAGEIA-2014-423

GCVE-110-MAGEIA-2014-423
Advisory Published
Vulnetix · Advisory published October 25, 2014
An SQL Injection issue exists in Drupal before 7.32 due to the way the Drupal core handles prepared statements. A malicious user can inject arbitrary SQL queries, and thereby completely control the Drupal site. This vulnerability can be exploited by remote attackers without any kind of authentication required (CVE-2014-3704).

Affected Products

VendorProductVersionsPlatforms
Mageiadrupal0 (affected), 7.32-1.mga4 (unaffected)
Mageiadrupal0 (affected), 7.32-1.mga3 (unaffected)

Browse GCVE Records

73,161 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›