Debian Security Advisory DSA 3051-1 (drupal7 - Security Update) Network Vulnerability

Summary

Stefan Horst discovered a vulnerability in the Drupal database abstraction API, which may result in SQL injection.

Solution

For the stable distribution (wheezy), this problem has been fixed in version 7.14-2+deb7u7. For the unstable distribution (sid), this problem has been fixed in version 7.32-1. We recommend that you upgrade your drupal7 packages.

Insight

Drupal is a dynamic web site platform which allows an individual or community of users to publish, manage and organize a variety of content, Drupal integrates many popular features of content management systems, weblogs, collaborative tools and discussion-based community software into one easy-to-use package.

Affected

drupal7 on Debian Linux

Detection

This check tests the installed software version using the apt package manager.

References

http://www.debian.org/security/2014/dsa-3051.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-3704

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 054-1 (cron)
Debian Security Advisory DSA 1051-1 (mozilla-thunderbird)
Debian Security Advisory DSA 016-1 (wu-ftpd)
Debian Security Advisory DSA 1024-1 (clamav)
Debian Security Advisory DSA 012-1 (micq)

Debian Security Advisory DSA 3051-1 (drupal7 - security update)

Take action and discover your vulnerabilities