PT-2006-4948 · Drupal · Drupal

Dotan

Published

2006-08-14

Updated

2017-07-20

CVE-2006-4107

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Drupal version 4.6 before revision 1.3.2.1

Description The issue allows remote attackers to execute arbitrary SQL commands via a job or resume search in the Job Search module. This is due to a SQL injection vulnerability in the job.module.

Recommendations For Drupal version 4.6 before revision 1.3.2.1, update to revision 1.3.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Job Search module until the update is applied.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-4107

Affected Products

Drupal

PT-2006-4948 · Drupal · Drupal

CVE-2006-4107

Related Identifiers

Affected Products

References · 6