ID:1775 - Exploit for SQL Injection in Drupal - CVE-2014-3704
Published: March 18, 2020
Vulnerability identifier: #VU445
Vulnerability risk: High
CVE-ID: CVE-2014-3704
CWE-ID: CWE-564
Exploitation vector: Remote access
Vulnerable software:
Drupal
Link to public exploit:
Vulnerability description
The vulnerability allows an anonymous user to conduct a SQL injection attack.
The weakness exists in the database abstraction API, which is intended to protect the system from SQL injection. Sending a specially crafted request to the API may lead to privilege escalation, arbitrary PHP execution, or other attacks such as SQL injection.
Successful exploitation of this vulnerability may allow an anonymous attacker to perform a SQL injection attack.