Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:12965
HistoryJun 03, 2006 - 12:00 a.m.

[DRUPAL-SA-2006-005] Drupal 4.6.7 / 4.7.1 fixes SQL injection issue

2006-06-0300:00:00
vulners.com
12
JSON

Drupal security advisory DRUPAL-SA-2006-005

Advisory ID: DRUPAL-SA-2006-005
Project: Drupal core
Date: 2006-05-24
Security risk: highly critical
Impact: Drupal core
Where: from remote
Vulnerability: SQL injection

Description

A security vulnerability in the database layer allowed certain queries to be
submitted to the database without going through Drupal's query sanitizer.

This problem represents a critical security vulnerability and should be patched
or upgraded immediately.

Versions affected

All Drupal versions before 4.6.7 and 4.7.1.

Solution

If you are running Drupal 4.6.x then upgrade to Drupal 4.6.7.
If you are running Drupal 4.7.0 then upgrade to Drupal 4.7.1.

Contact

The security contact for Drupal can be reached at [email protected]
or using the form at http://drupal.org/contact.
More information is available from http://drupal.org/security or from
our security RSS feed http://drupal.org/security/rss.xml.

// Uwe Hermann, on behalf of the Drupal Security Team.

Uwe Hermann
http://www.hermann-uwe.de
http://www.it-services-uh.de | http://www.crazy-hacks.org
http://www.holsham-traders.de | http://www.unmaintained-free-software.org

JSON