{"id":20471106,"url":"https://github.com/drupal-modules/drupageddon","last_synced_at":"2025-04-13T10:57:40.236Z","repository":{"id":22308490,"uuid":"25643556","full_name":"drupal-modules/drupageddon","owner":"drupal-modules","description":"SA-CORE-2014-005 - Drupal core - SQL injection","archived":false,"fork":false,"pushed_at":"2014-11-03T15:37:17.000Z","size":168,"stargazers_count":6,"open_issues_count":0,"forks_count":4,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-03-27T02:11:44.344Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/drupal-modules.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2014-10-23T15:18:33.000Z","updated_at":"2021-02-28T03:26:49.000Z","dependencies_parsed_at":"2022-08-21T02:30:47.906Z","dependency_job_id":null,"html_url":"https://github.com/drupal-modules/drupageddon","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/drupal-modules%2Fdrupageddon","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/drupal-modules%2Fdrupageddon/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/drupal-modules%2Fdrupageddon/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/drupal-modules%2Fdrupageddon/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/drupal-modules","download_url":"https://codeload.github.com/drupal-modules/drupageddon/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248703194,"owners_count":21148117,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-15T14:14:59.085Z","updated_at":"2025-04-13T10:57:40.216Z","avatar_url":"https://github.com/drupal-modules.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"Drupageddon\n===========\n\nSA-CORE-2014-005 - Drupal core - SQL injection\n\nDrupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks.\n\nA vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. Depending on the content of the requests this can lead to privilege escalation, arbitrary PHP execution, or other attacks.\n\n\nPatch: [SA-CORE-2014-005-D7.patch](https://www.drupal.org/files/issues/SA-CORE-2014-005-D7.patch)\n\nSee also:\n\n - [Security risk SA-CORE-2014-005 - Drupal core - SQL injection](https://www.drupal.org/SA-CORE-2014-005) at Drupal.org\n - [FAQ on SA-CORE-2014-005](https://www.drupal.org/node/2357241) at Drupal.org\n - [Drupalgeddon](https://www.drupal.org/project/drupalgeddon) module \n - [Database ExpandArguments placeholder naming issues when using array](https://www.drupal.org/node/2146839) at Drupal.org (independently reported in public Drupal issue tracker a year ago, without recognizing the impact)\n - [Advisory 01/2014: Drupal - pre Auth SQL Injection Vulnerability](https://www.sektioneins.de/en/advisories/advisory-012014-drupal-pre-auth-sql-injection-vulnerability.html) at sektioneins.de\n - [SA-CORE-2014-005 - Drupal core - SQL injection](http://www.reddit.com/r/netsec/comments/2jbu8g/sacore2014005_drupal_core_sql_injection/) at reddit\n - [drupal_drupageddon module](https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/drupal_drupageddon.rb) for [Metasploit framework](http://www.metasploit.com/) at GitHub\n - Blog: [Of Drupageddon and other fancy names](https://0x776b7364.wordpress.com/2014/10/16/of-drupageddon-and-other-fancy-names/) at 0x776b7364\n - Blog: [Drupal SQL Injection Attempts in the Wild](http://blog.sucuri.net/2014/10/drupal-sql-injection-attempts-in-the-wild.html) at sucuri.net\n - Blog: [Your Drupal website has a backdoor](http://drupal.geek.nz/blog/your-drupal-websites-backdoor) at drupal.geek.nz\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdrupal-modules%2Fdrupageddon","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdrupal-modules%2Fdrupageddon","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdrupal-modules%2Fdrupageddon/lists"}