SQL Injection Vulnerability in Drupal Views Module by Drupal
CVE-2008-6020

Currently unrated

Key Information:

Vendor: Drupal
Status: Views
Vendor: CVE Published:; 2 February 2009

Summary

The Views module for Drupal 6.x prior to version 6.x-2.2 is susceptible to a SQL injection vulnerability. This issue allows remote attackers to manipulate SQL queries executed by the application through an exposed filter on CCK text fields. By exploiting this vulnerability, attackers may gain access to sensitive database information or carry out unauthorized SQL commands, potentially compromising the integrity and confidentiality of the data handled by the affected system.

References

http://drupal.org/node/348321

x_refsource_CONFIRM

http://www.securityfocus.com/bid/32895

vdb-entryx_refsource_BID

http://secunia.com/advisories/33225

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Feb 2, 2009
Vulnerability Reserved
Feb 2, 2009