Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2011-4113
Last Modified 29 Feb 2012 12:00:00
Published 17 Feb 2012 06:55:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-4113

Summary

SQL injection vulnerability in the Views module before 6.x-2.13 for Drupal allows remote attackers to execute arbitrary SQL commands via vectors related to "filters/arguments on certain types of views with specific configurations of arguments."

Vulnerable Systems

Application

  • Earl Miles Views 4.7.x-1.0

  • Earl Miles Views 4.7.x-1.1

  • Earl Miles Views 4.7.x-1.2

  • Earl Miles Views 4.7.x-1.3

  • Earl Miles Views 4.7.x-1.4

  • Earl Miles Views 4.7.x-1.4.2

  • Earl Miles Views 4.7.x-1.6

  • Earl Miles Views 4.7.x-1.x

  • Earl Miles Views 4.7.x1.5

  • Earl Miles Views 5.x-1.0

  • Earl Miles Views 5.x-1.1

  • Earl Miles Views 5.x-1.2

  • Earl Miles Views 5.x-1.3

  • Earl Miles Views 5.x-1.4

  • Earl Miles Views 5.x-1.4-2

  • Earl Miles Views 5.x-1.5

  • Earl Miles Views 5.x-1.6

  • Earl Miles Views 5.x-1.7

  • Earl Miles Views 5.x-1.8

  • Earl Miles Views 5.x-1.x

  • Earl Miles Views 6.x-2.0

  • Earl Miles Views 6.x-2.1

  • Earl Miles Views 6.x-2.10

  • Earl Miles Views 6.x-2.11

  • Earl Miles Views 6.x-2.12

  • Earl Miles Views 6.x-2.2

  • Earl Miles Views 6.x-2.3

  • Earl Miles Views 6.x-2.4

  • Earl Miles Views 6.x-2.5

  • Earl Miles Views 6.x-2.6

  • Earl Miles Views 6.x-2.7

  • Earl Miles Views 6.x-2.8

  • Earl Miles Views 6.x-2.9

  • Earl Miles Views 6.x-2.x


References

XF - views-filters-sql-injection(71124)

BID - 50500

OSVDB - 76809

MLIST - [oss-security] 20111104 Re: CVE Request -- Drupal (v6.x based) Views module - SQL injection due improper escaping of database parameters for certain filters / arguments (SA-CONTRIB-2011-052)

SECUNIA - 46962

SECUNIA - 46680

FEDORA - FEDORA-2011-15399

MISC - http://drupal.org/node/1329898

CONFIRM - http://drupal.org/node/1329842


Last Updated: 27 May 2016 10:58:17