CVE-2014-3704

Name of the Vulnerable Software and Affected Versions Drupal core versions prior to 7.32

Description The issue concerns the expandArguments function in the database abstraction API, which does not properly construct prepared statements. This allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.

Recommendations For versions prior to 7.32, update to version 7.32 or later to resolve the issue. As a temporary workaround, consider restricting access to the database abstraction API to minimize the risk of exploitation. Avoid using arrays with crafted keys in the affected API until the issue is resolved.