Drupal community under attack due to a critical SQL injection flaw

A security advisory issued by Drupal assumes that every installation of the popular CMS based in the version 7.x was compromised unless patched.

Earlier this month, Drupal patched a critical SQL injection vulnerability (CVE-2014-3704) that exists in all Drupal core 7.x versions up to the recently-released 7.32 version, which fixed the issue.

There is an emergency in the Drupal community, earlier this month Drupal issued a patch to fix a critical SQL injection vulnerability (CVE-2014-3704) that affects the core of the 7.x versions. Exploiting the flaw an attacker may do a dump of the database used by the targeted website, without needing an account or tricking a user into exposing credentials.

The worrying news is that the attackers may have created backdoor in the system which could allow them to control the target and compromise other services on the server.

Security experts confirmed that websites based on the popular CMS are under attacks, cyber criminals and hackers are beginning using automated tools to scan and exploit the flaw to compromise the targets. The Development Team at Drupal confirmed that the attacks started within hours of the public disclosure of the vulnerability occurred on October 15th.

Drupal is warning that users to carefully inspect their systems, even if they have applied the patch, because already compromised website are exposed to serious risks.

“Automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement of SA-CORE-2014-005 – Drupal core – SQL injection. You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is 7 hours after the announcement.”the Drupal Security Team wrote in a security advisory. “You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is 7 hours after the announcement,”.

In case the site owners suspect that their application has been compromised, it is suggested to restore the website from a clean backup or rebuild the site from scratch.

“While recovery without restoring from backup may be possible, this is not advised because backdoors can be extremely difficult to find,” the advisory cautioned. “The recommendation is to restore from backup or rebuild from scratch.” states Drupal.

Drupal has anyway issued a documentation related to the response procedure in case the system is hacked.

Content management system are privileged targets for cybercriminals that could use automated scanning tool and exploits available in the underground.Due to the level of diffusion also the US-CERT has issued a security advisory on the vulnerability.


Don’t waste time, patch your Drupal installation and verify that it is not compromised.

Pierluigi Paganini

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2022

We are in our 10th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.


10th Anniversary Exclusive Top 100 CISO Conference & Innovators Showcase