CVE-2008-6383

2009-03-02T19:30:00
ID CVE-2008-6383
Type cve
Reporter cve@mitre.org
Modified 2017-08-17T01:29:00

Description

SQL injection vulnerability in SpeedTech Organization and Resource Manager (Storm) 5.x before 5.x-1.14 and 6.x before 6.x-1.18, a module for Drupal, allows remote authenticated users with storm project access to execute arbitrary SQL commands via unspecified vectors. Per vendor advisory at: http://drupal.org/node/342246

"Versions Affected

* Versions of Storm for Drupal 5.x prior to 5.x-1.14
* Versions of Storm for Drupal 6.x prior to 6.x-1.18

Drupal core is not affected. If you do not use the Storm module, there is nothing you need to do.