Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4633

Overview

Vulnerability Score 6.0 6.0
CVE Id CVE-2008-4633
Last Modified 21 Oct 2008 12:00:00
Published 20 Oct 2008 09:18:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2008-4633

Summary

SQL injection vulnerability in Node Vote 5.x before 5.x-1.1 and 6.x before 6.x-1.0, a module for Drupal, when "Allow user to vote again" is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to a "previously cast vote."

Vulnerable Systems

Application

  • Drupal Node Clone 4.7.x-1.0

  • Drupal Node Clone 4.7.x-1.1

  • Drupal Node Clone 4.7.x-1.2

  • Drupal Node Clone 4.7.x-1.3

  • Drupal Node Clone 4.7.x-2.1

  • Drupal Node Clone 5

  • Drupal Node Clone 6


References

XF - nodevote-voteagain-sql-injection(45920)

BID - 31779

SECUNIA - 32276

CONFIRM - http://drupal.org/node/321685


Last Updated: 27 May 2016 10:48:34