PT-2020-7110 · Drupal
Published: 2020-01-14 · Updated: 2022-04-22
CVE-2011-2715
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Drupal version 6.20
Data module version 6.x-1.0-alpha14
Description
The issue is caused by insufficient sanitization of table names or column names, leading to an SQL Injection vulnerability.
Recommendations
For Drupal version 6.20, update the Data module to a version later than 6.x-1.0-alpha14 to resolve the issue.
For Data module version 6.x-1.0-alpha14, consider disabling the module until a patch is available.
Fix
SQL injection
Affected Products
Data Module
Drupal