3 matches found
CVE-2015-7876
The escapeLike function in sqlsrv/database.inc in the Drupal 7 driver for SQL Server and SQL Azure 7.x-1.x before 7.x-1.4 does not properly escape certain characters, which allows remote attackers to execute arbitrary SQL commands via vectors involving a module using the dblike function...
CVE-2015-7876
CVE-2015-7876 concerns the Drupal 7 driver for SQL Server and SQL Azure (7.x-1.x prior to 7.x-1.4). The escapeLike function in sqlsrv/database.inc does not properly escape certain characters, enabling a remote attacker to execute arbitrary SQL commands via vectors involving a module using db_like...
Drupal 7 driver for SQL Server and SQL Azure - Moderately Critical - SQL Injection - SA-CONTRIB-2015-148
Drupal 7 driver for SQL Server and SQL Azure module has a SQL injection vulnerability. Certain characters aren't properly escaped by the Drupal database API. A malicious user may be able to access restricted information by performing a specially-crafted search. Only sites that use contrib or cust...