Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-1656

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2012-1656
Last Modified 19 Sep 2012 12:00:00
Published 18 Sep 2012 04:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-1656

Summary

SQL injection vulnerability in the Multisite Search module 6.x-2.2 for Drupal allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the Site table prefix field.

Vulnerable Systems

Application

  • Wesjones Multisite Search 6.x-2.2


References

XF - multisite-unspecified-sql-injection(73898)

BID - 52342

OSVDB - 79857

MLIST - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)

MISC - http://www.madirish.net/content/drupal-multisite-search-module-sql-injection-vulnerability

MISC - http://drupal.org/node/1471800


Last Updated: 27 May 2016 10:56:37