CVE Vulnerability

CVE-2008-3223

SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 allows remote attackers to execute arbitrary SQL commands via vectors related to "an inappropriate placeholder for 'numeric' fields."

7.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://www.openwall.com/lists/oss-security/2008/07/10/3 Mailing List Third Party Advisory
http://drupal.org/node/280571 Patch Vendor Advisory
http://www.securityfocus.com/bid/30168 Third Party Advisory VDB Entry
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00551.html Third Party Advisory
http://secunia.com/advisories/31079 Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00016.html Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=454849 Issue Tracking Patch
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00527.html Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/43705 Third Party Advisory VDB Entry
Configurations

Configuration 1

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
Information

Published : 2008-07-18 04:41

Updated : 2021-04-15 01:49

NVD link : CVE-2008-3223

Mitre link : CVE-2008-3223

Products Affected
No products.
CWE
CWE-89