Back to search
CVE-2007-6299
Published: Dec 10, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple SQL injection vulnerabilities in Drupal and vbDrupal 4.7.x before 4.7.9 and 5.x before 5.4 allow remote attackers to execute arbitrary SQL commands via modules that pass input to the taxonomy_select_nodes function, as demonstrated by the (1) taxonomy_menu, (2) ajaxLoader, and (3) ubrowser contributed modules.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://sourceforge.net/project/shownotes.php?release_id=559532
x_refsource_CONFIRM
26735
vdb-entry
x_refsource_BID
27932
third-party-advisory
x_refsource_SECUNIA
FEDORA-2007-4136
vendor-advisory
x_refsource_FEDORA
27973
third-party-advisory
x_refsource_SECUNIA
27951
third-party-advisory
x_refsource_SECUNIA
drupal-taxonomy-sql-injection(38884)
vdb-entry
x_refsource_XF
http://sourceforge.net/project/shownotes.php?release_id=559538
x_refsource_CONFIRM
vbdrupal-taxonomy-sql-injection(38886)
vdb-entry
x_refsource_XF
http://drupal.org/node/198162
x_refsource_CONFIRM
FEDORA-2007-4163
vendor-advisory
x_refsource_FEDORA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now