SQL Injection Vulnerabilities in User Karma Module for Drupal
CVE-2008-6276

Currently unrated

Key Information:

Vendor: Drupal
Status: User Karma Module
Vendor: CVE Published:; 25 February 2009

Summary

The User Karma module for Drupal is susceptible to multiple SQL injection vulnerabilities that can be exploited by authenticated remote administrators. These vulnerabilities allow the execution of arbitrary SQL commands through manipulated content type inputs or voting API values. Attackers can leverage these weaknesses to alter database queries, potentially leading to unauthorized data access or manipulation.

References

http://drupal.org/node/339553

x_refsource_CONFIRM

http://secunia.com/advisories/32904

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/46946

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Feb 25, 2009
Vulnerability Reserved
Feb 25, 2009