The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.
http://packetstormsecurity.com/files/128720/Drupal-7.X-SQL-Injection.html
http://packetstormsecurity.com/files/128721/Drupal-7.31-SQL-Injection.html
http://packetstormsecurity.com/files/128741/Drupal-HTTP-Parameter-Key-Value-SQL-Injection.html
http://seclists.org/fulldisclosure/2014/Oct/75
http://secunia.com/advisories/59972
https://www.drupal.org/SA-CORE-2014-005
http://www.debian.org/security/2014/dsa-3051
http://www.exploit-db.com/exploits/34984
http://www.exploit-db.com/exploits/34992
http://www.exploit-db.com/exploits/34993