SQL injection vulnerability in the conversion form for Events in the Date module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the “administer Date Tools” privilege to execute arbitrary SQL commands via unspecified vectors.
CPE | Name | Operator | Version |
---|---|---|---|
date | eq | 6.x-2.0 rc4 | |
date | eq | 6.x-2.0 rc2 | |
date | eq | 6.x-2.0 beta4 | |
date | eq | 6.x-2.0 rc3 | |
date | eq | 6.x-2.0 beta2 | |
date | eq | 6.x-2.0 rc5 | |
date | eq | 6.x-2.0 rc6 | |
date | eq | 6.x-2.0 beta | |
date | eq | 6.x-2.0 beta3 | |
date | eq | 6.120.20 |