Description

SQL injection vulnerability in the SQL comment filtering system in the Database API in Drupal 7.x before 7.39 allows remote attackers to execute arbitrary SQL commands via an SQL comment.

Remediation

References

CVE-2015-6659

Related Vulnerabilities

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-5001)

WordPress Plugin Slideshow Pro 'upload.php' Arbitrary File Upload (2.1)

WordPress Plugin MContact Button includes Backdoor [Only if downloaded via the vendor website] (2.0.6)

MySQL CVE-2018-2839 Vulnerability (CVE-2018-2839)

osCommerce Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-43713)

Severity

High

Classification

CVE-2015-6659 CWE-138

Tags

Missing Update Known Vulnerabilities