SQL Injection Vulnerability in Help Tip Module for Drupal
CVE-2006-6530

Currently unrated

Key Information:

Vendor: Drupal
Status: Help Tip Module
Vendor: CVE Published:; 14 December 2006

What is CVE-2006-6530?

The Help Tip module for Drupal versions prior to 4.7.x-1.0 is susceptible to an SQL injection vulnerability that permits remote attackers to execute arbitrary SQL commands. This flaw arises from unspecified vectors, allowing malware to manipulate database queries under certain conditions, potentially exposing sensitive data or compromising the integrity of the database.

References

http://www.vupen.com/english/advisories/2006/4941

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/23295

third-party-advisoryx_refsource_SECUNIA

http://drupal.org/node/102605

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 14, 2006
Vulnerability Reserved
Dec 13, 2006