Description
SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 allows remote attackers to execute arbitrary SQL commands via vectors related to "an inappropriate placeholder for 'numeric' fields."
Remediation
References
Related Vulnerabilities
Magento CVE-2021-36021 Vulnerability (CVE-2021-36021)
Oracle JRE CVE-2017-10348 Vulnerability (CVE-2017-10348)
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-2771)
WordPress Plugin Post Logo Cross-Site Scripting (1.1b)
WordPress Plugin iThemes Security (formerly Better WP Security) Cross-Site Scripting (5.6.1)