Description

SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 allows remote attackers to execute arbitrary SQL commands via vectors related to "an inappropriate placeholder for 'numeric' fields."

Remediation

References

CVE-2008-3223

Related Vulnerabilities

Magento Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-8140)

OpenSSL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2018-0735)

markdown-it Improper Access Control Vulnerability (CVE-2015-3295)

Magento Improper Authentication Vulnerability (CVE-2015-3457)

ClipBucket Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-7666)

Severity

High

Classification

CVE-2008-3223 CWE-138

Tags

Missing Update Known Vulnerabilities