7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8 High
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
74.9%
SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 allows remote attackers to execute arbitrary SQL commands via vectors related to “an inappropriate placeholder for ‘numeric’ fields.”
CPE | Name | Operator | Version |
---|---|---|---|
drupal:drupal | drupal | lt | 6.3 |
drupal.org/node/280571
secunia.com/advisories/31079
www.openwall.com/lists/oss-security/2008/07/10/3
www.securityfocus.com/bid/30168
bugzilla.redhat.com/show_bug.cgi?id=454849
exchange.xforce.ibmcloud.com/vulnerabilities/43705
www.redhat.com/archives/fedora-package-announce/2008-August/msg00016.html
www.redhat.com/archives/fedora-package-announce/2008-July/msg00527.html
www.redhat.com/archives/fedora-package-announce/2008-July/msg00551.html
More