CVE-2012-1626

Name of the Vulnerable Software and Affected Versions Date module versions 6.x-2.x before 6.x-2.8

Description The issue allows remote authenticated users with the "administer Date Tools" privilege to execute arbitrary SQL commands. This is a result of a SQL injection vulnerability in the conversion form for Events.

Recommendations For Date module versions 6.x-2.x before 6.x-2.8, update to version 6.x-2.8 or later to resolve the issue.