Sql injection

SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 allows remote attackers to execute arbitrary SQL commands via vectors related to "an inappropriate placeholder for 'numeric' fields."...

CVE-2008-3223

SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 allows remote attackers to execute arbitrary SQL commands via vectors related to "an inappropriate placeholder for 'numeric' fields."...

CVE-2008-3223

SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 allows remote attackers to execute arbitrary SQL commands via vectors related to "an inappropriate placeholder for 'numeric' fields."...

CVE-2008-3223

SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 allows remote attackers to execute arbitrary SQL commands via vectors related to "an inappropriate placeholder for 'numeric' fields."...

Drupal多个输入验证漏洞

BUGTRAQ ID: 30168 Drupal是一款开放源码的内容管理平台。 Drupal中存在多个输入验证错误，可能允许恶意用户执行跨站脚本、跨站请求伪造、会话固定、SQL注入和脚本注入攻击。 1 Drupal没有正确地过滤传送给分类词汇的某些输入，这可能导致注入任意HTML和脚本代码并在用户浏览器会话中执行。 2 Drupal没有正确地过滤OpenID provider所提供的某些输入便返回给了用户，这可能导致注入任意HTML和脚本代码并在用户浏览器会话中执行。 3 用户可以通过HTTP请求执行某些操作，如果登录用户受骗访问了恶意站点的话就会导致删除OpenID或转换字符串。 4...