4 matches found
Drupal Arbitrary SQL Command Execution Vulnerability
Drupal is an open source content management platform. Arbitrary SQL command execution vulnerability exists in Drupal 7 driver for SQL Server SQL Azure versions 7.x-1.x prior to 7.x-1.4. Allows remote attackers to execute arbitrary SQL commandsvec execute arbitrary SQL commands...
CVE-2015-7876
The escapeLike function in sqlsrv/database.inc in the Drupal 7 driver for SQL Server and SQL Azure 7.x-1.x before 7.x-1.4 does not properly escape certain characters, which allows remote attackers to execute arbitrary SQL commands via vectors involving a module using the dblike function...
CVE-2015-7876
CVE-2015-7876 concerns the Drupal 7 driver for SQL Server and SQL Azure (7.x-1.x prior to 7.x-1.4). The escapeLike function in sqlsrv/database.inc does not properly escape certain characters, enabling a remote attacker to execute arbitrary SQL commands via vectors involving a module using db_like...
Drupal 7 driver for SQL Server and SQL Azure - Moderately Critical - SQL Injection - SA-CONTRIB-2015-148
Drupal 7 driver for SQL Server and SQL Azure module has a SQL injection vulnerability. Certain characters aren't properly escaped by the Drupal database API. A malicious user may be able to access restricted information by performing a specially-crafted search. Only sites that use contrib or cust...