漏洞描述
Drupal是一款用量庞大的CMS,其7.0~7.31版本中存在一处无需认证的SQL漏洞。通过该漏洞,攻击者可以执行任意SQL语句,插入、修改管理员信息,甚至执行任意代码。
Drupal < 7.32 “Drupalgeddon” SQL注入漏洞(CVE-2014-3704)
PoC代码
暂无相关漏洞推荐
-
CVE-2014-3704: Drupal SQL Injection POC
2025-08-01 | DrupalThe expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not... -
CVE-2018-7600: Drupal - Remote Code Execution POC
2025-08-01 | DrupalDrupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attac... -
CVE-2018-7602: Drupal - Remote Code Execution POC
2025-08-01 | DrupalDrupal 7.x and 8.x contain a remote code execution vulnerability that exists within multiple subsyst... -
CVE-2014-3120: ElasticSearch v1.1.1/1.2 RCE POC
2025-09-01 | ElasticSearchThe default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote... -
Weblogic uddiexplorer 服务端请求伪造漏洞(CVE-2014-4210) 无POC
2025-08-22 | WeblogicWebLogic Server 是一个适用于云环境和传统环境的应用服务器组件。WebLogic uddiexplorer 存在服务端请求伪造漏洞(CVE-2014-4210),攻击者可以通过该漏洞发送...