2 matches found
Drupal 'Commerce Invoices' Module SQL Injection and Cross Site Scripting Vulnerabilities
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community.Ctools Chaos tool suite is one of the API modules used to improve the development experience. SQL injection and cross-site scripting vulnerabilities exist in the Drupal 'Commerce...
Commerce invoices - Highly Critical - SQL Injection and Cross Site scripting - DRUPAL-SA-CONTRIB-2017-070
Commerce Invoices allows you to enter an Invoice number, Company name and Amount and it will generate an Invoice that the client can pay on your site using any payment method supported by Drupal commerce. SQL Injection The module did not properly use Drupal's database API when querying the databa...