CVE-2015-7876

Name of the Vulnerable Software and Affected Versions Drupal 7 driver for SQL Server and SQL Azure versions prior to 7.x-1.4

Description The issue arises from the escapeLike function in sqlsrv/database.inc, which fails to properly escape certain characters. This allows remote attackers to execute arbitrary SQL commands, specifically through vectors involving a module that uses the db like function.

Recommendations For versions prior to 7.x-1.4, update to version 7.x-1.4 or later to resolve the issue.