Drupal Security Advisory SA-CORE-2014-005

BoerenkoolMetWorst · Oct 15, 2014

Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks.
A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. Depending on the content of the requests this can lead to privilege escalation, arbitrary PHP execution, or other attacks.
This vulnerability can be exploited by anonymous users.
Click to expand...

https://www.drupal.org/SA-CORE-2014-005

Dermot7 · Oct 18, 2014

Less than 48 hours ago, the Drupal team released an update (version 7.32) for a serious security vulnerability (SQL injection) that affected all versions of Drupal 7.x.
Click to expand...

Drupal SQL Injection Attempts in the Wild | Sucuri Blog

The first attack started 8 hours after the disclosure. The attackers began hitting our honeypots with the following SQL Injection attempt. The same IP also tried to attack our own site.
Click to expand...

ronjor · Oct 30, 2014

Advisory says to assume all Drupal 7 websites are compromised

Drupal urged users to apply an update on Oct. 13, but only those who patched within seven hours may be in the clear

By Steve Ragan

CSO | Oct 30, 2014
Click to expand...

http://www.infoworld.com/article/28...me-all-drupal-7-websites-are-compromised.html

siljaline · Nov 3, 2014

Drupalgeddon megaflaw raises questions over CMS bods' crisis mgmt

The security world has been shocked to its foundations following ominous warnings that millions of Drupal websites that didn't apply a critical patch within hours of its release earlier this month should be regarded as hopelessly compromised. [...]
Click to expand...

http://www.theregister.co.uk/2014/11/03/drupal_drupalgeddon_analysis/

Log in or Sign up

Drupal Security Advisory SA-CORE-2014-005

BoerenkoolMetWorst Registered Member

Dermot7 Registered Member

ronjor Global Moderator

siljaline Registered Member

Log in or Sign up

Drupal Security Advisory SA-CORE-2014-005

BoerenkoolMetWorst Registered Member

Dermot7 Registered Member

ronjor Global Moderator

siljaline Registered Member

Useful Searches