Stefan Horst of SektionEins GmbH reported a critical pre-auth SQL injection vulnerability in Drupal core 7.x versions prior to 7.32. Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks.A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. Depending on the content of the requests this can lead to privilege escalation, arbitrary PHP execution, or other attacks.
It is recommended to upgrade to the latest version of Drupal. (This issue was fixed in version 7.32).
Advisory 01/2014: Drupal - pre Auth SQL Injection Vulnerability
WordPress Plugin WP Visitor Statistics (Real Time Traffic) SQL Injection (4.7)
WordPress Plugin WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection-StopBadBots SQL Injection (6.59)
WordPress Plugin Side Menu Lite-add sticky fixed buttons SQL Injection (2.2.1)
WordPress Plugin Display Users SQL Injection (2.0.0)
WordPress Plugin Spreadsheet (wpSS) 'ss_id' Parameter SQL Injection (0.61)