SQL Injection Vulnerability in Drupal 6.x Products by Drupal
CVE-2011-2715
9.8CRITICAL
Summary
An SQL Injection vulnerability has been identified in Drupal 6.20 and Data 6.x-1.0-alpha14, stemming from inadequate sanitization of table names and column names. This flaw could allow attackers to manipulate database queries for unauthorized access and potential data exposure. Implementing proper validation and sanitization methods is essential to mitigate this security risk.
Affected Version(s)
Data-module 6.x-1.0-alpha14
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved