Описание
SQL injection vulnerability in Node Vote 5.x before 5.x-1.1 and 6.x before 6.x-1.0, a module for Drupal, when "Allow user to vote again" is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to a "previously cast vote."
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:a:drupal:node_clone:4.7.x-1.0:*:*:*:*:*:*:*
cpe:2.3:a:drupal:node_clone:4.7.x-1.1:*:*:*:*:*:*:*
cpe:2.3:a:drupal:node_clone:4.7.x-1.2:*:*:*:*:*:*:*
cpe:2.3:a:drupal:node_clone:4.7.x-1.3:*:*:*:*:*:*:*
cpe:2.3:a:drupal:node_clone:4.7.x-2.1:*:*:*:*:*:*:*
cpe:2.3:a:drupal:node_clone:5:*:*:*:*:*:*:*
cpe:2.3:a:drupal:node_clone:6:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
EPSS
Процентиль: 54%
0.00316
Низкий
6 Medium
CVSS2
Дефекты
CWE-89
Связанные уязвимости
github
около 3 лет назад
SQL injection vulnerability in Node Vote 5.x before 5.x-1.1 and 6.x before 6.x-1.0, a module for Drupal, when "Allow user to vote again" is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to a "previously cast vote."
EPSS
Процентиль: 54%
0.00316
Низкий
6 Medium
CVSS2
Дефекты
CWE-89