SQL Injection Vulnerability in Ajax Checklist Module for Drupal
CVE-2008-5998

Currently unrated

Key Information:

Vendor: Drupal
Status: Ajax Checklist
Vendor: CVE Published:; 28 January 2009

What is CVE-2008-5998?

The Ajax Checklist module for Drupal prior to version 5.x-1.1 contains multiple SQL injection vulnerabilities in the ajax_checklist_save function. These vulnerabilities allow remote authenticated users with 'update ajax checklists' permissions to execute arbitrary SQL commands during save operations. Specifically, the issues are associated with the nid, qid, and state parameters, potentially compromising database integrity and exposing sensitive information.

References

http://www.securityfocus.com/archive/1/496727/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://secunia.com/advisories/32009

third-party-advisoryx_refsource_SECUNIA

http://drupal.org/node/312968

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 28, 2009
Vulnerability Reserved
Jan 28, 2009