Description

SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 allows remote attackers to execute arbitrary SQL commands via vectors related to "an inappropriate placeholder for 'numeric' fields."

Remediation

References

CVE-2008-3223

Related Vulnerabilities

WordPress Plugin ZX_CSV Upload Multiple Vulnerabilities (1)

e107 Other Vulnerability (CVE-2005-1949)

WordPress Plugin Custom Post View Generator Cross-Site Scripting (0.4.6)

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress SQL Injection (2.9.29)

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1591)

Severity

High

Classification

CVE-2008-3223 CWE-138

Tags

Missing Update Known Vulnerabilities