Engine Yard Developer Center

Drupal SQL injection

A vulnerability in Drupal's database query sanitizing API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. Depending on the content of the requests this can lead to privilege escalation, arbitrary PHP execution, or other attacks.

Please see https://www.drupal.org/SA-CORE-2014-005 for further details, and investigate upgrading or patching vulnerable installations as soon as possible. 

Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request

Comments

  • Avatar
    Levi Brereton

    SQL is a very good database which is using by a lot of user. We provide a security package for this database. If you are using this database then you should use our package. For more information you can visit our page. https://www.datasunrise.com/firewall/ms-sql-server/

Please sign in to leave a comment.

Powered by Zendesk