Description

SQL injection vulnerability in the SQL comment filtering system in the Database API in Drupal 7.x before 7.39 allows remote attackers to execute arbitrary SQL commands via an SQL comment.

Remediation

References

CVE-2015-6659

Related Vulnerabilities

WordPress Plugin Simple File List Multiple Vulnerabilities (3.2.4)

WordPress Plugin Elementor Website Builder Arbitrary File Upload (3.6.2)

Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-14998)

WordPress Plugin Auto Affiliate Links Multiple SQL Injection Vulnerabilities (4.9.9.4)

MediaWiki Other Vulnerability (CVE-2013-4567)

Severity

High

Classification

CVE-2015-6659 CWE-138

Tags

Missing Update Known Vulnerabilities