Sql injection

2012-09-2003:46:00

PRIOn knowledge base

www.prio-n.com

8.5 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

65.7%

JSON

SQL injection vulnerability in the conversion form for Events in the Date module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the “administer Date Tools” privilege to execute arbitrary SQL commands via unspecified vectors.

CPENameOperatorVersion
dateeq6.x-2.0 rc4
dateeq6.x-2.0 rc2
dateeq6.x-2.0 beta4
dateeq6.x-2.0 rc3
dateeq6.x-2.0 beta2
dateeq6.x-2.0 rc5
dateeq6.x-2.0 rc6
dateeq6.x-2.0 beta
dateeq6.x-2.0 beta3
dateeq6.120.20

Name	Operator	Version
date	eq	6.x-2.0 rc4
date	eq	6.x-2.0 rc2
date	eq	6.x-2.0 beta4
date	eq	6.x-2.0 rc3
date	eq	6.x-2.0 beta2
date	eq	6.x-2.0 rc5
date	eq	6.x-2.0 rc6
date	eq	6.x-2.0 beta
date	eq	6.x-2.0 beta3
date	eq	6.120.20