Description

SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 allows remote attackers to execute arbitrary SQL commands via vectors related to "an inappropriate placeholder for 'numeric' fields."

Remediation

References

CVE-2008-3223

Related Vulnerabilities

Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2005-3164)

WordPress Plugin Duplicate Page Multiple Vulnerabilities (2.3)

WordPress Plugin Easiest Contact Form for WordPress-AP Contact Form includes Backdoor [Only if downloaded via the vendor website] (1.0.6)

Oracle Application Server Other Vulnerability (CVE-2005-3453)

OpenSSL NULL Pointer Dereference Vulnerability (CVE-2023-0401)

Severity

High

Classification

CVE-2008-3223 CWE-138

Tags

Missing Update Known Vulnerabilities