CVE-2008-6383

Опубликовано: 02 мар. 2009

Источник: nvd

CVSS2: 6

EPSS Низкий

Описание

SQL injection vulnerability in SpeedTech Organization and Resource Manager (Storm) 5.x before 5.x-1.14 and 6.x before 6.x-1.18, a module for Drupal, allows remote authenticated users with storm project access to execute arbitrary SQL commands via unspecified vectors.

Комментарий

Per vendor advisory at: http://drupal.org/node/342246

"Versions Affected

* Versions of Storm for Drupal 5.x prior to 5.x-1.14 * Versions of Storm for Drupal 6.x prior to 6.x-1.18

Drupal core is not affected. If you do not use the Storm module, there is nothing you need to do.

Ссылки

http://drupal.org/node/342246
Patch
Vendor Advisory
http://secunia.com/advisories/32978
Vendor Advisory
http://www.securityfocus.com/bid/32626
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/47077
http://drupal.org/node/342246
Patch
Vendor Advisory
http://secunia.com/advisories/32978
Vendor Advisory
http://www.securityfocus.com/bid/32626
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/47077

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:drupal:storm:5.x-1.1:*:*:*:*:*:*:*

cpe:2.3:a:drupal:storm:5.x-1.2:*:*:*:*:*:*:*

cpe:2.3:a:drupal:storm:5.x-1.3:*:*:*:*:*:*:*

cpe:2.3:a:drupal:storm:5.x-1.4:*:*:*:*:*:*:*

cpe:2.3:a:drupal:storm:5.x-1.5:*:*:*:*:*:*:*

cpe:2.3:a:drupal:storm:5.x-1.6:*:*:*:*:*:*:*

cpe:2.3:a:drupal:storm:5.x-1.7:*:*:*:*:*:*:*

cpe:2.3:a:drupal:storm:5.x-1.8:*:*:*:*:*:*:*

cpe:2.3:a:drupal:storm:5.x-1.9:*:*:*:*:*:*:*

cpe:2.3:a:drupal:storm:5.x-1.10:*:*:*:*:*:*:*

cpe:2.3:a:drupal:storm:5.x-1.11:*:*:*:*:*:*:*

cpe:2.3:a:drupal:storm:5.x-1.12:*:*:*:*:*:*:*

cpe:2.3:a:drupal:storm:5.x-1.13:*:*:*:*:*:*:*

cpe:2.3:a:drupal:storm:5.x-1.x-dev:*:*:*:*:*:*:*

cpe:2.3:a:drupal:storm:6.x-1.0:*:*:*:*:*:*:*

cpe:2.3:a:drupal:storm:6.x-1.1:*:*:*:*:*:*:*

cpe:2.3:a:drupal:storm:6.x-1.2:*:*:*:*:*:*:*

cpe:2.3:a:drupal:storm:6.x-1.3:*:*:*:*:*:*:*

cpe:2.3:a:drupal:storm:6.x-1.4:*:*:*:*:*:*:*

cpe:2.3:a:drupal:storm:6.x-1.5:*:*:*:*:*:*:*

cpe:2.3:a:drupal:storm:6.x-1.6:*:*:*:*:*:*:*

cpe:2.3:a:drupal:storm:6.x-1.7:*:*:*:*:*:*:*

cpe:2.3:a:drupal:storm:6.x-1.8:*:*:*:*:*:*:*

cpe:2.3:a:drupal:storm:6.x-1.9:*:*:*:*:*:*:*

cpe:2.3:a:drupal:storm:6.x-1.10:*:*:*:*:*:*:*

cpe:2.3:a:drupal:storm:6.x-1.11:*:*:*:*:*:*:*

cpe:2.3:a:drupal:storm:6.x-1.12:*:*:*:*:*:*:*

cpe:2.3:a:drupal:storm:6.x-1.13:*:*:*:*:*:*:*

cpe:2.3:a:drupal:storm:6.x-1.14:*:*:*:*:*:*:*

cpe:2.3:a:drupal:storm:6.x-1.15:*:*:*:*:*:*:*

cpe:2.3:a:drupal:storm:6.x-1.16:*:*:*:*:*:*:*

cpe:2.3:a:drupal:storm:6.x-1.17:*:*:*:*:*:*:*

cpe:2.3:a:drupal:storm:6.x-1.x-dev:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

EPSS

Процентиль: 49%

0.00261

Низкий

6 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-x7v8-fh5j-xh3m

github

около 3 лет назад