Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks.
A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. Depending on the content of the requests this can lead to privilege escalation, arbitrary PHP execution, or other attacks.
It is, relatively, rare to find core vulnerabilities in content management platforms, but when they are found, they're normally great! The security advisory SA-CORE-2014-005 states that Drupal core 7.x versions prior to 7.3.2 are affected and they have already released both an upgrade and standalone patch to resolve the issue."