PT-2007-7168 · Drupal · Drupal
Published
2007-12-10
·
Updated
2017-08-08
·
CVE-2007-6299
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Drupal versions 4.7.x before 4.7.9
Drupal versions 5.x before 5.4
vbDrupal versions 4.7.x before 4.7.9
vbDrupal versions 5.x before 5.4
Description
The issue allows remote attackers to execute arbitrary SQL commands via certain modules that pass input to the
taxonomy select nodes function. This is demonstrated by the taxonomy menu, ajaxLoader, and ubrowser contributed modules.Recommendations
For Drupal versions 4.7.x before 4.7.9, update to version 4.7.9 or later.
For Drupal versions 5.x before 5.4, update to version 5.4 or later.
For vbDrupal versions 4.7.x before 4.7.9, update to version 4.7.9 or later.
For vbDrupal versions 5.x before 5.4, update to version 5.4 or later.
Fix
RCE
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Drupal