Advisories ยป MGASA-2014-0423

Updated drupal packages fix security vulnerability

Publication date: 25 Oct 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-3704

Description

An SQL Injection issue exists in Drupal before 7.32 due to the way the Drupal
core handles prepared statements. A malicious user can inject arbitrary SQL
queries, and thereby completely control the Drupal site. This vulnerability
can be exploited by remote attackers without any kind of authentication
required (CVE-2014-3704).
                

References

SRPMS

3/core

4/core