Drupal Releases Security Advisory

Drupal has released a security advisory to address an application program interface (API) vulnerability (CVE-2014-3704) that could allow an attacker to execute arbitrary SQL commands on an affected system.

This vulnerability affects all Drupal core 7.x versions prior to 7.32.

US-CERT advises users and administrators review Drupal's Security Advisory and apply the necessary update or patch.

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts.

We recently updated our anonymous product survey; we'd welcome your feedback.