Drupal Releases Security Advisory

Original release date: October 17, 2014

Drupal has released a security advisory to address an application program interface (API) vulnerability (CVE-2014-3704) that could allow an attacker to execute arbitrary SQL commands on an affected system.

This vulnerability affects all Drupal core 7.x versions prior to 7.32.

US-CERT advises users and administrators review Drupal’s Security Advisory and apply the necessary update or patch.


This product is provided subject to this Notification and this Privacy & Use policy.

Leave a Reply