Lucene search

[email protected]CVE-2015-6659

HistoryAug 24, 2015 - 2:59 p.m.

CVE-2015-6659

2015-08-2414:59:16

CWE-89

[email protected]

web.nvd.nist.gov

cve-2015-6659

sql injection

drupal

database api

nvd

security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.2 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

77.7%

JSON

SQL injection vulnerability in the SQL comment filtering system in the Database API in Drupal 7.x before 7.39 allows remote attackers to execute arbitrary SQL commands via an SQL comment.

Affected configurations

NVD

Node

drupaldrupalMatch7.0

drupaldrupalMatch7.0alpha1

drupaldrupalMatch7.0alpha2

drupaldrupalMatch7.0alpha3

drupaldrupalMatch7.0alpha4

drupaldrupalMatch7.0alpha5

drupaldrupalMatch7.0alpha6

drupaldrupalMatch7.0alpha7

drupaldrupalMatch7.0beta1

drupaldrupalMatch7.0beta2

drupaldrupalMatch7.0beta3

drupaldrupalMatch7.0dev

drupaldrupalMatch7.0rc1

drupaldrupalMatch7.0rc2

drupaldrupalMatch7.0rc3

drupaldrupalMatch7.0rc4

drupaldrupalMatch7.1

drupaldrupalMatch7.2

drupaldrupalMatch7.3

drupaldrupalMatch7.4

drupaldrupalMatch7.5

drupaldrupalMatch7.6

drupaldrupalMatch7.7

drupaldrupalMatch7.8

drupaldrupalMatch7.9

drupaldrupalMatch7.10

drupaldrupalMatch7.11

drupaldrupalMatch7.12

drupaldrupalMatch7.13

drupaldrupalMatch7.14

drupaldrupalMatch7.15

drupaldrupalMatch7.16

drupaldrupalMatch7.17

drupaldrupalMatch7.18

drupaldrupalMatch7.19

drupaldrupalMatch7.20

drupaldrupalMatch7.21

drupaldrupalMatch7.22

drupaldrupalMatch7.23

drupaldrupalMatch7.24

drupaldrupalMatch7.25

drupaldrupalMatch7.26

drupaldrupalMatch7.27

drupaldrupalMatch7.28

drupaldrupalMatch7.29

drupaldrupalMatch7.30

drupaldrupalMatch7.33

drupaldrupalMatch7.34

drupaldrupalMatch7.35

drupaldrupalMatch7.36

drupaldrupalMatch7.37

drupaldrupalMatch7.38

drupaldrupalMatch7.x-dev

CPENameOperatorVersion
drupal:drupaldrupaleq7.0
drupal:drupaldrupaleq7.1
drupal:drupaldrupaleq7.2
drupal:drupaldrupaleq7.3
drupal:drupaldrupaleq7.4
drupal:drupaldrupaleq7.5
drupal:drupaldrupaleq7.6
drupal:drupaldrupaleq7.7
drupal:drupaldrupaleq7.8
drupal:drupaldrupaleq7.9

CPE	Name	Operator	Version
drupal:drupal	drupal	eq	7.0
drupal:drupal	drupal	eq	7.1
drupal:drupal	drupal	eq	7.2
drupal:drupal	drupal	eq	7.3
drupal:drupal	drupal	eq	7.4
drupal:drupal	drupal	eq	7.5
drupal:drupal	drupal	eq	7.6
drupal:drupal	drupal	eq	7.7
drupal:drupal	drupal	eq	7.8
drupal:drupal	drupal	eq	7.9