drupal -- SQL injection vulnerability

2007-12-05T00:00:00
ID FA708908-A8C7-11DC-B41D-000FB5066B20
Type freebsd
Reporter FreeBSD
Modified 2007-12-05T00:00:00

Description

The Drupal Project reports:

The function taxonomy_select_nodes() directly injects variables into SQL queries instead of using placeholders. While taxonomy module itself validates the input passed to taxonomy_select_nodes(), this is a weakness in Drupal core. Several contributed modules, such as taxonomy_menu, ajaxLoader, and ubrowser, directly pass user input to taxonomy_select_nodes(), enabling SQL injection attacks by anonymous users.