Description

Multiple SQL injection vulnerabilities in Drupal and vbDrupal 4.7.x before 4.7.9 and 5.x before 5.4 allow remote attackers to execute arbitrary SQL commands via modules that pass input to the taxonomy_select_nodes function, as demonstrated by the (1) taxonomy_menu, (2) ajaxLoader, and (3) ubrowser contributed modules.

Remediation

References

CVE-2007-6299

Related Vulnerabilities

WordPress Plugin SoundPress Cross-Site Scripting (2.2.6)

Oracle Database Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2007-0270)

Serendipity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-1385)

MySQL CVE-2021-35640 Vulnerability (CVE-2021-35640)

Apache Tomcat Other Vulnerability (CVE-2011-1183)

Severity

High

Classification

CVE-2007-6299 CWE-20

Tags

Missing Update Known Vulnerabilities