Описание
SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 allows remote attackers to execute arbitrary SQL commands via vectors related to "an inappropriate placeholder for 'numeric' fields."
Ссылки
- PatchVendor Advisory
- Third Party Advisory
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingPatchThird Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- PatchVendor Advisory
- Third Party Advisory
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingPatchThird Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 6.0 (включая) до 6.3 (исключая)
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*
EPSS
Процентиль: 79%
0.013
Низкий
7.5 High
CVSS2
Дефекты
CWE-89
Связанные уязвимости
ubuntu
около 17 лет назад
SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 allows remote attackers to execute arbitrary SQL commands via vectors related to "an inappropriate placeholder for 'numeric' fields."
debian
около 17 лет назад
SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 ...
github
больше 3 лет назад
SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 allows remote attackers to execute arbitrary SQL commands via vectors related to "an inappropriate placeholder for 'numeric' fields."
EPSS
Процентиль: 79%
0.013
Низкий
7.5 High
CVSS2
Дефекты
CWE-89