Описание
SQL injection vulnerability in the Acidfree module for Drupal before 4.6.x-1.0, and before 4.7.x-1.0 in the 4.7 series, allows remote authenticated users with "create acidfree albums" privileges to execute arbitrary SQL commands via node titles.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:drupal:acidfree:4.6_1.0:*:*:*:*:*:*:*
cpe:2.3:a:drupal:acidfree:4.7_1.0:*:*:*:*:*:*:*
EPSS
Процентиль: 73%
0.00773
Низкий
6 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
больше 3 лет назад
SQL injection vulnerability in the Acidfree module for Drupal before 4.6.x-1.0, and before 4.7.x-1.0 in the 4.7 series, allows remote authenticated users with "create acidfree albums" privileges to execute arbitrary SQL commands via node titles.
EPSS
Процентиль: 73%
0.00773
Низкий
6 Medium
CVSS2
Дефекты
NVD-CWE-Other