Lucene search

[email protected]NVD:CVE-2015-7876

HistoryOct 21, 2015 - 2:59 p.m.

CVE-2015-7876

2015-10-2114:59:00

CWE-89

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.9%

JSON

The escapeLike function in sqlsrv/database.inc in the Drupal 7 driver for SQL Server and SQL Azure 7.x-1.x before 7.x-1.4 does not properly escape certain characters, which allows remote attackers to execute arbitrary SQL commands via vectors involving a module using the db_like function.

Affected configurations

NVD

Node

drupal_7_driver_for_sql_server_and_sql_azure_projectdrupal_7_driver_for_sql_server_and_sql_azureMatch7.x-1.0drupal

drupal_7_driver_for_sql_server_and_sql_azure_projectdrupal_7_driver_for_sql_server_and_sql_azureMatch7.x-1.1drupal

drupal_7_driver_for_sql_server_and_sql_azure_projectdrupal_7_driver_for_sql_server_and_sql_azureMatch7.x-1.2drupal

drupal_7_driver_for_sql_server_and_sql_azure_projectdrupal_7_driver_for_sql_server_and_sql_azureMatch7.x-1.3drupal

References

cgit.drupalcode.org/sqlsrv/commit/?id=2ea0da8

www.drupal.org/node/2569003

www.drupal.org/node/2569005

www.drupal.org/node/2569577

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.9%

JSON

Related for NVD:CVE-2015-7876

cvelist1 drupal1 prion1 cve1