FreeBSD : drupal7 -- SQL injection (6f825fa4-5560-11e4-a4c3-00a0986f28c4)

This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Drupal Security Team reports :

Drupal 7 includes a database abstraction API to ensure that queries
executed against the database are sanitized to prevent SQL injection
attacks. A vulnerability in this API allows an attacker to send
specially crafted requests resulting in arbitrary SQL execution.
Depending on the content of the requests this can lead to privilege
escalation, arbitrary PHP execution, or other attacks. This
vulnerability can be exploited by anonymous users.

See also :

https://www.drupal.org/SA-CORE-2014-005
http://www.nessus.org/u?67656329
http://www.nessus.org/u?6db890d6

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 78521

Bugtraq ID:

CVE ID: CVE-2014-3704
