CVE-2014-3704

EPSS 93.87% · P100 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2014-3704

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Drupal core SQL注入漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Drupal是Drupal社区所维护的一套用PHP语言开发的免费、开源的内容管理系统。 Drupal core 7.3之前7.x版本中的database abstraction API中‘expandArguments’函数存在安全漏洞，该漏洞源于程序没有正确构造预处理语句。远程攻击者可借助带有特制键的数组利用该漏洞实施SQL注入攻击。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2014-3704

#	POC Description	Source Link	Shenlong Link
1	None	https://github.com/happynote3966/CVE-2014-3704	POC Details
2	CVE-2014-3704 aka Drupalgeddon - Form-Cache Injection Method	https://github.com/AleDiBen/Drupalgeddon	POC Details
3	An rewritten POC on the CVE-2014-3704	https://github.com/RasmusKnothNielsen/Drupalgeddon-Python3	POC Details
4	An rewritten POC on the CVE-2014-3704	https://github.com/Neldeborg/Drupalgeddon-Python3	POC Details
5	This code is taken from "Drupal 7.0 < 7.31 - 'Drupalgeddon' SQL Injection (Add Admin User)" and was converted to Python 3 to suit the exercise in Academy for Module "Attacking Commoon Applications" and section "Attacking Drupal".	https://github.com/joaomorenorf/CVE-2014-3704	POC Details
6	The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing specially crafted keys.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2014/CVE-2014-3704.yaml	POC Details
7	None	https://github.com/Threekiii/Awesome-POC/blob/master/CMS%E6%BC%8F%E6%B4%9E/Drupal%20%207.32%20%E2%80%9CDrupalgeddon%E2%80%9D%20SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%20CVE-2014-3704.md	POC Details
8	None	https://github.com/chaitin/xray-plugins/blob/main/poc/manual/drupal-cve-2014-3704-sqli.yml	POC Details
9		https://github.com/vulhub/vulhub/blob/master/drupal/CVE-2014-3704/README.md	POC Details
10	Audit de sécurité Black Box d'un serveur Drupal 7. Démonstration d'une Kill Chain complète : Injection SQL (CVE-2014-3704) ➔ RCE ➔ Reverse Shell ➔ Escalade vers Root (SUID). Ce dépôt contient le rapport technique détaillé, les preuves d'exploitation (PoC) et les mesures de remédiation pour sécuriser l'infrastructure.	https://github.com/fbm31/Audit-BlackBox-Web-to-Root	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2014-3704

请登录查看更多情报信息。

http://packetstormsecurity.com/files/128720/Drupal-7.X-SQL-Injection.htmlx_refsource_MISC
http://packetstormsecurity.com/files/128721/Drupal-7.31-SQL-Injection.htmlx_refsource_MISC
http://packetstormsecurity.com/files/128741/Drupal-HTTP-Parameter-Key-Value-SQL-Injection.htmlx_refsource_MISC
https://www.drupal.org/SA-CORE-2014-005x_refsource_CONFIRM
https://www.sektioneins.de/en/blog/14-11-03-drupal-sql-injection-vulnerability-PoC.htmlx_refsource_MISC
http://www.securityfocus.com/bid/70595vdb-entryx_refsource_BID
http://www.exploit-db.com/exploits/34993exploitx_refsource_EXPLOIT-DB
http://www.exploit-db.com/exploits/34984exploitx_refsource_EXPLOIT-DB
http://secunia.com/advisories/59972third-party-advisoryx_refsource_SECUNIA
http://osvdb.org/show/osvdb/113371vdb-entryx_refsource_OSVDB
http://www.debian.org/security/2014/dsa-3051vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/archive/1/533706/100/0/threadedmailing-listx_refsource_BUGTRAQ
http://seclists.org/fulldisclosure/2014/Oct/75mailing-listx_refsource_FULLDISC
http://www.openwall.com/lists/oss-security/2014/10/15/23mailing-listx_refsource_MLIST
https://nvd.nist.gov/vuln/detail/CVE-2014-3704

Same Patch Batch · n/a · 2014-10-16 · 126 CVEs total

CVE-2014-7024		Android Hardest Game Collection应用程序加密问题漏洞
CVE-2014-7039		Android Wild Women United应用程序加密问题漏洞
CVE-2014-7038		Android Al Jazeera应用程序加密问题漏洞
CVE-2014-7037		Android Noble Sticker "FREE"应用程序加密问题漏洞
CVE-2014-7036		Android Quest Federal CU Mobile应用程序加密问题漏洞
CVE-2014-7035		Android Harmonizers Planet应用程序加密问题漏洞
CVE-2014-7034		Android Senator Inn & Spa应用程序加密问题漏洞
CVE-2014-7033		Android Cure Viewer应用程序加密问题漏洞
CVE-2014-7032		Android MYHABIT应用程序加密问题漏洞
CVE-2014-7031		Android RedAtoms Three应用程序加密问题漏洞
CVE-2014-7030		Android Dieta Dukan passo a passo应用程序加密问题漏洞
CVE-2014-7029		Android Bultmonster Registret应用程序加密问题漏洞
CVE-2014-7028		Android Ibis pau centre应用程序加密问题漏洞
CVE-2014-7027		Android Esercizi per le donne应用程序加密问题漏洞
CVE-2014-7026		Android LIFE TIME FITNESS应用程序加密问题漏洞
CVE-2014-7025		Android Who-is-it? Lite name caller time limited free应用程序加密问题漏洞
CVE-2014-7013		Android Funny Photo Color Editor应用程序加密问题漏洞
CVE-2014-7012		Android Coffee Inn应用程序加密问题漏洞
CVE-2014-7011		Android NWTC Mobile应用程序加密问题漏洞
CVE-2014-7015		Android JJ Texas Hold'em Poker应用程序加密问题漏洞

Showing top 20 of 126 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2014-3704

Anonymous User

2026-01-15 06:09:32

Zaproxy alias impedit expedita quisquam pariatur exercitationem. Nemo rerum eveniet dolores rem quia dignissimos.

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2014-3704

I. Basic Information for CVE-2014-3704

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Shenlong Deep Dive — AI Deep Analysis

Affected Products

II. Public POCs for CVE-2014-3704

III. Intelligence Information for CVE-2014-3704

Same Patch Batch · n/a · 2014-10-16 · 126 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2014-3704

Anonymous User

Leave a comment