4 matches found
EUVD-2009-1502
Malware in sbrugna...
Sql injection
SQL injection vulnerability in the News Page module 5.x before 5.x-1.2 for Drupal allows remote authenticated users, with News Page nodes create and edit privileges, to execute arbitrary SQL commands via the Include Words aka keywords field...
CVE-2009-1505
CVE-2009-1505 affects the Drupal News Page module (5.x) prior to 5.x-1.2. The vulnerability is a SQL injection in the Include Words field that allows remote authenticated users (with News Page create/edit privileges) to execute arbitrary SQL commands. Underlying issue: input handling in the Keywo...
SA-CONTRIB-2009-023 - News Page - SQL injection
The News Page module provides a node content type which displays feed items from an aggregator category, filtered by keywords entered into the 'Include Words' field of the node. Unfortunately the News Page module uses keywords directly in SQL queries without being sanitized, allowing SQL injectio...