SB2015092612 - Debian update for drupal7
Published: September 26, 2015
Security Bulletin ID
SB2015092612
Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) SQL Injection (CVE-ID: CVE-2014-3704)
The vulnerability allows an anonymous user to conduct a SQL injection attack.The weakness exists in database abstraction API preventing the system from SQL injections. Sending of specially crafted request to API may lead to privilege escalation, arbitrary PHP execution, or other attacks such as SQL injection.
Successful exploitation of this vulnerability may allow an anonymous attacker to perorm SQL injection attack.
Remediation
Install update from vendor's website.