Описание
SQL injection vulnerability in the News Page module 5.x before 5.x-1.2 for Drupal allows remote authenticated users, with News Page nodes create and edit privileges, to execute arbitrary SQL commands via the Include Words (aka keywords) field.
Ссылки
- PatchVendor Advisory
- Vendor Advisory
- Patch
- Vendor Advisory
- PatchVendor Advisory
- Vendor Advisory
- Patch
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
Одно из
cpe:2.3:a:drupal:news_page:5.x-1.1:*:*:*:*:*:*:*
cpe:2.3:a:drupal:news_page:5.x-1.x:*:dev:*:*:*:*:*
EPSS
Процентиль: 69%
0.00639
Низкий
6.5 Medium
CVSS2
Дефекты
CWE-89
Связанные уязвимости
github
около 3 лет назад
SQL injection vulnerability in the News Page module 5.x before 5.x-1.2 for Drupal allows remote authenticated users, with News Page nodes create and edit privileges, to execute arbitrary SQL commands via the Include Words (aka keywords) field.
EPSS
Процентиль: 69%
0.00639
Низкий
6.5 Medium
CVSS2
Дефекты
CWE-89