FreeBSD : drupal7 -- SQL injection (6f825fa4-5560-11e4-a4c3-00a0986f28c4)
High Nessus Plugin ID 78521
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionDrupal Security Team reports :
Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution.
Depending on the content of the requests this can lead to privilege escalation, arbitrary PHP execution, or other attacks. This vulnerability can be exploited by anonymous users.
SolutionUpdate the affected package.