Description
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.
Remediation
References
Related Vulnerabilities
WordPress Plugin Themify Portfolio Post Cross-Site Scripting (1.2.0)
WordPress Plugin WP Maps-Display Google Maps Perfectly with Ease Cross-Site Scripting (4.3.9)
Grafana Improper Authentication Vulnerability (CVE-2018-15727)
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3834)