SQL Injection Vulnerability in Taxonomy Autotagger Module for Drupal
CVE-2008-3092

Currently unrated

Key Information:

Vendor: Drupal
Status: Taxonomy Autotagger Module
Vendor: CVE Published:; 9 July 2008

What is CVE-2008-3092?

The Taxonomy Autotagger module for Drupal contains an SQL injection vulnerability that allows remote authenticated users, who have permission to create or edit posts, to execute arbitrary SQL commands. This can lead to unauthorized data manipulation and potential exposure of sensitive information. The vulnerability can be exploited through unspecified vectors, which makes it critical for users of affected versions to apply necessary updates promptly to safeguard their application.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/43571

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/30067

vdb-entryx_refsource_BID

http://secunia.com/advisories/30933

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 9, 2008
Vulnerability Reserved
Jul 9, 2008