Drupal7 Pre Auth SQLI

Severity:: High

Description

SQL injection is a type of attack where malicious SQL queries are inserted into input data, allowing attackers to manipulate the database. Successful exploitation can lead to data theft, modification of database records, unauthorized access, and even control over the entire database management system (DBMS).

Recommendation

Update Drupal

References

Drupal
OWASP: SQL Injection
OWASP: ESAPI project
Wikipedia: Prepared statement
CVE-2014-3704
CWE-20
CWE-89
CAPEC-66
CAPEC-310
OWASP 2021-A3
OWASP 2021-A6

Related Issues

WordPress Plugin AdRotate 3.9.4 SQLI - CVE-2014-1854
WordPress Plugin Google Document Embedder 2.5.14 SQLI - CVE-2014-9173
WordPress Plugin Google Document Embedder 2.5.16 SQLI - CVE-2014-9173
Drupal 'Drupalgeddon2' Remote Code Execution - CVE-2018-7600

Tags:: Drupal; SQLI; Injection

Anything's wrong? Let us know Last updated on May 13, 2024