Article ID: 123357, created on Oct 30, 2014, last review on Jun 17, 2016

  • Applies to:
  • Operations Automation
  • Plesk

Automated attacks began compromising Drupal 7 websites that had not been patched or updated to Drupal 7.32 within hours of the announcement of SA-CORE-2014-005.


  • On the 15th of October, Drupal announced the highly critical security vulnerability SA-CORE-2014-005 in an API, affecting all 7.x versions prior to 7.32.

  • On the 29th of October, Drupal also issued Security Advisory PSA-2014-003, recommending that all potentially compromised sites be recovered from backup unless the patch was applied within hours of the announcement of SA-CORE-2014-005.


A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. Depending on the content of the requests this can lead to privilege escalation, arbitrary PHP execution, or other attacks.
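To find installations still running an affected release, the following script (an added example, not part of the original article or any Parallels tooling) walks a web root and flags every Drupal 7 core older than 7.32. It assumes that Drupal 7 core records its release in `includes/bootstrap.inc` as `define('VERSION', '7.31');`; the function names are chosen for this example.

```shell
#!/bin/sh
# Added example: inventory Drupal 7 installs and flag cores older than 7.32.
# Assumption: Drupal 7 core stores its release in includes/bootstrap.inc
# as a line of the form: define('VERSION', '7.31');

# Print the core version recorded in one bootstrap.inc file (empty if none).
drupal_version() {
    sed -n "s/^define('VERSION', *'\([^']*\)');.*/\1/p" "$1" | head -n 1
}

# Return 0 when the version is a 7.x release older than 7.32.
is_vulnerable() {
    case "$1" in
        7.*) ;;
        *) return 1 ;;              # not the 7.x branch
    esac
    minor=${1#7.}
    minor=${minor%%[!0-9]*}         # "31-dev" -> "31", "x-dev" -> ""
    [ -n "$minor" ] || return 0     # unknown 7.x build: flag for manual review
    [ "$minor" -lt 32 ]
}

# Walk a web root and print one tab-separated line per Drupal core found:
#   STATUS <tab> VERSION <tab> SITE_ROOT
scan_webroot() {
    find "$1" -type f -path '*/includes/bootstrap.inc' 2>/dev/null |
    while IFS= read -r f; do
        v=$(drupal_version "$f")
        [ -n "$v" ] || continue     # bootstrap.inc without a VERSION line
        site=${f%/includes/bootstrap.inc}
        if is_vulnerable "$v"; then
            printf 'VULNERABLE\t%s\t%s\n' "$v" "$site"
        else
            printf 'ok\t%s\t%s\n' "$v" "$site"
        fi
    done
}

# Run against the directory given on the command line, if any.
if [ $# -gt 0 ]; then
    scan_webroot "$1"
fi
```

Pass the directory that holds your hosted sites as the only argument (for example `/var/www/vhosts`, assumed here to be the web root). A result of `ok` only means the core is at 7.32 or later now; it does not show that the update was applied within the window described in PSA-2014-003.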


Drupal is available for installation as an APS package with the following Parallels products. You may refer to these articles:

Parallels takes the security of our customers very seriously and encourages you to take the recommended actions as soon as possible.

We also strongly encourage you to stay connected to Parallels for important product-related information via these methods:
