[Vulnerability notice] SQL injection vulnerability in Drupal

Last Updated: Apr 18, 2018

Vulnerability description

Drupal 7 provides a database abstraction API that is intended to protect the queries it receives against SQL injection. However, an attacker can construct special requests that use this API to run malicious SQL statements, resulting in privilege escalation, PHP code execution, or other security risks.

Affected scope

Drupal 7.x - 7.31

How to fix

  1. Download and install the official patch.

  2. Upgrade Drupal to 7.32 or later.
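
To find the installations that still need one of the fixes above, the following added example (not code from this notice or from the Drupal project) reads the core version of each Drupal tree and compares it with the affected scope. It assumes a stock Drupal 7 layout, where core declares its version in includes/bootstrap.inc; the function names and the paths in the comments are hypothetical.

```shell
#!/bin/sh
# Added example (not Drupal's or the notice's code): flag Drupal 7 trees whose
# version is in the affected range stated above (7.x up to 7.31).

# Print the version string declared in <root>/includes/bootstrap.inc, where
# Drupal 7 core has a line of the form: define('VERSION', '7.31');
# Assumption: a stock core layout. Prints nothing if the file or line is absent.
drupal_version() {
    sed -n "s/^[[:space:]]*define('VERSION',[[:space:]]*'\([^']*\)');.*/\1/p" \
        "$1/includes/bootstrap.inc" 2>/dev/null | head -n 1
}

# Print AFFECTED, NOT_AFFECTED or UNKNOWN for one version string.
# Only plain "7.<number>" releases are classified; dev or pre-release strings
# and other major versions are UNKNOWN and left for manual review.
classify_version() {
    case "$1" in
        7.*) minor=${1#7.} ;;
        *) echo UNKNOWN; return 0 ;;
    esac
    case "$minor" in
        ''|*[!0-9]*) echo UNKNOWN; return 0 ;;
    esac
    if [ "$minor" -le 31 ]; then
        echo AFFECTED
    else
        echo NOT_AFFECTED
    fi
}

# Print "<root> <version> <verdict>" (tab-separated) for one document root.
audit_drupal_root() {
    v=$(drupal_version "$1")
    printf '%s\t%s\t%s\n' "$1" "${v:-none}" "$(classify_version "$v")"
}

# Stand-alone use (example paths): sh check.sh /var/www/site1 /var/www/site2
for root in "$@"; do
    audit_drupal_root "$root"
done
```

This reads the version string only; it cannot tell whether the patch from step 1 was applied to a tree that was not upgraded, so confirm AFFECTED results by hand.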