Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2007-6299
Last Modified: 05 Sep 2008 05:32:53
Published: 10 Dec 2007 01:46:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2007-6299

Summary

Multiple SQL injection vulnerabilities in Drupal and vbDrupal 4.7.x before 4.7.9 and 5.x before 5.4 allow remote attackers to execute arbitrary SQL commands via modules that pass input to the taxonomy_select_nodes function, as demonstrated by the (1) taxonomy_menu, (2) ajaxLoader, and (3) ubrowser contributed modules.

Vulnerable Systems

Application

  • Drupal 4.0.0

  • Drupal 4.1.0

  • Drupal 4.2.0 Rc

  • Drupal 4.4.0

  • Drupal 4.4.1

  • Drupal 4.4.2

  • Drupal 4.4.3

  • Drupal 4.5

  • Drupal 4.5.1

  • Drupal 4.5.2

  • Drupal 4.5.3

  • Drupal 4.5.4

  • Drupal 4.5.5

  • Drupal 4.5.6

  • Drupal 4.5.7

  • Drupal 4.5.8

  • Drupal 4.6

  • Drupal 4.6.0

  • Drupal 4.6.1

  • Drupal 4.6.10

  • Drupal 4.6.11

  • Drupal 4.6.2

  • Drupal 4.6.3

  • Drupal 4.6.4

  • Drupal 4.6.5

  • Drupal 4.6.6

  • Drupal 4.6.7

  • Drupal 4.6.8

  • Drupal 4.6.9

  • Drupal 4.7

  • Drupal 4.7 Rev1.15

  • Drupal 4.7.1

  • Drupal 4.7.2

  • Drupal 4.7.3

  • Drupal 4.7.4

  • Drupal 4.7.5

  • Drupal 4.7.6

  • Drupal 4.7.7

  • Drupal 4.7.8

  • Drupal 5.0

  • Drupal 5.1

  • Drupal 5.1 Rev1.1

  • Drupal 5.2


References

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=559538

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=559532

BID - 26735

SECUNIA - 27951

SECUNIA - 27932

CONFIRM - http://drupal.org/node/198162

FEDORA - FEDORA-2007-4163

FEDORA - FEDORA-2007-4136

XF - vbdrupal-taxonomy-sql-injection(38886)

XF - drupal-taxonomy-sql-injection(38884)

SECUNIA - 27973


Last Updated: 27 May 2016 10:46:26