Drupal 7 – SQL Injection Vulnerability (CVE-2014-3704)

We thought that we could rest for a while after taking care of the POODLE issue but then a team of security experts found out a critical Drupal issue (SA-CORE-2014-005) which is described here. We were able to fix this issue in time by applying the following recommended patch and clearing the cache:

foreach (array_filter($args, ‘is_array’) as $key => $data) {
$new_keys = array();
–      foreach ($data as $i => $value) {
+      foreach (array_values($data) as $i => $value) {


Leave a Reply