Drupal 7.x Versions Vulnerable to SQL injection [Highly Critical]

The Drupal Security team reports that all versions of Drupal 7 prior to 7.32 (the latest) are vulnerable to a SQL injection attack. The bug, which was discovered by Sektion Eins, a German PHP security firm, is rated “Highly Critical” and could allow an attacker to compromise the whole site.

This bug exists in the database abstraction API, which is used to ensure that queries executed against the database are sanitized to prevent SQL injection attacks, and it can be exploited by any anonymous website visitor. It can be used to achieve privilege escalation (gaining more privileges) or to execute arbitrary PHP code, which can lead to site compromise.

The Drupal Security team highly recommends that admins update their sites to the latest version (7.32) immediately. If you don’t want to update and would rather stay on an earlier 7.x version, the team has also provided a patch.

Patch: https://www.drupal.org/files/issues/SA-CORE-2014-005-D7.patch

Source: Drupal Blog - SA-CORE-2014-005
