PT-2007-7168 · Drupal · Drupal
Publicado
2007-12-10
·
Atualizado
2017-08-08
·
CVE-2007-6299
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Drupal versions 4.7.x before 4.7.9
Drupal versions 5.x before 5.4
vbDrupal versions 4.7.x before 4.7.9
vbDrupal versions 5.x before 5.4
Description
The issue allows remote attackers to execute arbitrary SQL commands via certain modules that pass input to the
taxonomy select nodes function. This is demonstrated by the taxonomy menu, ajaxLoader, and ubrowser contributed modules.Recommendations
For Drupal versions 4.7.x before 4.7.9, update to version 4.7.9 or later.
For Drupal versions 5.x before 5.4, update to version 5.4 or later.
For vbDrupal versions 4.7.x before 4.7.9, update to version 4.7.9 or later.
For vbDrupal versions 5.x before 5.4, update to version 5.4 or later.
Correção
RCE
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Drupal