SQL Injection Vulnerability in EveryBlog Module for Drupal
CVE-2008-6134

Currently unrated

Key Information:

Vendor: Drupal
Status: Everyblog
Vendor: CVE Published:; 14 February 2009

What is CVE-2008-6134?

The SQL injection vulnerability in the EveryBlog module versions 5.x and 6.x enables remote attackers to execute arbitrary SQL commands through unspecified vectors. This flaw can be exploited to manipulate the underlying database, potentially leading to unauthorized information disclosure or data manipulation.

References

http://www.securityfocus.com/bid/31656

vdb-entryx_refsource_BID

http://secunia.com/advisories/32194

third-party-advisoryx_refsource_SECUNIA

http://drupal.org/node/318746

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 14, 2009
Vulnerability Reserved
Feb 13, 2009