Lucene search
HistorySep 24, 2008 - 5:41 a.m.
CVE-2008-4148
cve-2008-4148
sql injection
mailhandler module
drupal
remote attackers
arbitrary sql commands
nvd
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.4 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
65.1%
SQL injection vulnerability in the Mailhandler module 5.x before 5.x-1.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to composing queries without using the Drupal database API.
Affected configurations
Node
drupalmailhandlerRange≤5.x-1.3
ORdrupalmailhandlerRange≤6.x-1.3
ORdrupalmailhandlerMatch5.x-1.0
ORdrupalmailhandlerMatch5.x-1.1
ORdrupalmailhandlerMatch5.x-1.2
ORdrupalmailhandlerMatch5.x-1.x-dev
ORdrupalmailhandlerMatch6.x-1.0
ORdrupalmailhandlerMatch6.x-1.1
ORdrupalmailhandlerMatch6.x-1.2
ORdrupalmailhandlerMatch6.x-1.x-dev
Related
nvd
nvd
CVE-2008-4148
2008-09-24 05:41:38
prion
prion
Sql injection
2008-09-24 05:41:00
cvelist
cvelist
CVE-2008-4148
2008-09-19 18:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.4 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
65.1%
Related for CVE-2008-4148