Description

Multiple SQL injection vulnerabilities in Drupal and vbDrupal 4.7.x before 4.7.9 and 5.x before 5.4 allow remote attackers to execute arbitrary SQL commands via modules that pass input to the taxonomy_select_nodes function, as demonstrated by the (1) taxonomy_menu, (2) ajaxLoader, and (3) ubrowser contributed modules.

Remediation

References

CVE-2007-6299

Related Vulnerabilities

WordPress Plugin Caldera Forms-More Than Contact Forms Information Disclosure (1.3.5.2)

WordPress Plugin LeagueManager Multiple SQL Injection Vulnerabilities (3.9.1.1)

Django Resource Management Errors Vulnerability (CVE-2014-0481)

WebLogic CVE-2019-2824 Vulnerability (CVE-2019-2824)

WordPress Plugin BackWPup Multiple Unspecified Vulnerabilities (3.2.1)

Severity

High

Classification

CVE-2007-6299 CWE-20

Tags

Missing Update Known Vulnerabilities