My site has already been patched, in Drupal FAQ (CVE-2014-3704) is not completely true

سلام

!!Very important!!

Please check this:
https://www.drupal.org/drupalsa05FAQ#comment-9306663

FAQ on SA-CORE-2014-005 is not completely true:

My site has already been patched
We've seen many reports where people found that their site had already been patched even though nobody in charge of the site updated the site. This means that the site was compromised via a new entry or an updated entry in the menu_router table, which allowed the attacker to execute commands on the server to patch the site. At this point, the site has been compromised and should probably be taken offline while you assess what to do including forensic review; an audit of all files, code, users, permissions, roles, database content; complying with local regulations and standards including informing users and potentially law enforcement; and remediation or rebuilding the site.

BECAUSE:

I used drupal 7.31 for my blog and it never was vulnerable to CVE-2014-3704.
At first I think my blog has been compromised by hackers like you said in FAQ but I was wrong just like you!!!! [You will be vulnerable if you do not update.]
I have checked all of my files [files+ database] and I was found nothing! because this is about what template you used!
Set Fresh Theme on vulnerable site to understand what I said.
Result: "Not vulnerable" doesn't mean your blog has been compromised by hackers...
So please correct your post!