Lucene search

FreeBSD40A0185F-EC32-11DA-BE02-000C6EC775D9

HistoryMay 18, 2006 - 12:00 a.m.

drupal -- multiple vulnerabilities

2006-05-1800:00:00

vuxml.freebsd.org

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.033 Low

EPSS

Percentile

91.3%

JSON

The Drupal team reports:

Vulnerability: SQL injection
A security vulnerability in the database layer allowed
certain queries to be submitted to the database without
going through Drupal’s query sanitizer.

Vulnerability: Execution of arbitrary files
Certain – alas, typical – configurations of Apache
allows execution of carefully named arbitrary scripts in
the files directory. Drupal now will attempt to
automatically create a .htaccess file in your “files”
directory to protect you.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchdrupal< 4.6.7UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	drupal	< 4.6.7	UNKNOWN

References

drupal.org/node/65357

drupal.org/node/65409

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.033 Low

EPSS

Percentile

91.3%

JSON

Related for 40A0185F-EC32-11DA-BE02-000C6EC775D9