2 matches found
CVE-2015-5504
CVE-2015-5504 describes an SQL injection in the Novalnet Payment Module Ubercart for Drupal. The vulnerability stems from failing to sanitize a database query via user-controlled input, allowing remote attackers to execute arbitrary SQL commands via unspecified vectors. Affected products: Novalne...
Novalnet Payment Module Drupal Commerce - Critical - SQL Injection - Unsupported - SA-CONTRIB-2015-117
This module enables you add the Novalnet payment service provider to Drupal Commerce. The module fails to sanitize a database query by not using the database API properly, thereby leading to a SQL Injection vulnerability. Since the affected path is not protected against CSRF, a malicious user can...