CVE-2009-1505

CVE-2009-1505

EPSS 1.1%

SQL injection vulnerability in the News Page module 5.x before 5.x-1.2 for Drupal allows remote authenticated users, with News Page nodes create and edit privileges, to execute arbitrary SQL commands via the Include Words (aka keywords) field.

Produtos afetados

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://drupal.org/node/449014 http://osvdb.org/54151 http://secunia.com/advisories/34954 https://exchange.xforce.ibmcloud.com/vulnerabilities/50248 http://www.securityfocus.com/bid/34777 http://www.vupen.com/english/advisories/2009/1214