2 matches found
CVE-2009-1505
SQL injection vulnerability in the News Page module 5.x before 5.x-1.2 for Drupal allows remote authenticated users, with News Page nodes create and edit privileges, to execute arbitrary SQL commands via the Include Words aka keywords field...
CVE-2009-1505
CVE-2009-1505 affects the Drupal News Page module (5.x) prior to 5.x-1.2. The vulnerability is a SQL injection in the Include Words field that allows remote authenticated users (with News Page create/edit privileges) to execute arbitrary SQL commands. Underlying issue: input handling in the Keywo...