7.5
CVE-2011-4113
- EPSS 1.71%
- Veröffentlicht 17.02.2012 23:55:01
- Zuletzt bearbeitet 16.06.2026 23:34:27
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
LoginSQL injection vulnerability in the Views module before 6.x-2.13 for Drupal allows remote attackers to execute arbitrary SQL commands via vectors related to "filters/arguments on certain types of views with specific configurations of arguments."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Earl Miles ≫ Views Version <= 6.x-2.12
Earl Miles ≫ Views Version4.7.x-1.0
Earl Miles ≫ Views Version4.7.x-1.1
Earl Miles ≫ Views Version4.7.x-1.2
Earl Miles ≫ Views Version4.7.x-1.3
Earl Miles ≫ Views Version4.7.x-1.4
Earl Miles ≫ Views Version4.7.x-1.4.2
Earl Miles ≫ Views Version4.7.x-1.6
Earl Miles ≫ Views Version4.7.x-1.6 Updatebeta
Earl Miles ≫ Views Version4.7.x-1.6 Updatebeta2
Earl Miles ≫ Views Version4.7.x-1.6 Updatebeta3
Earl Miles ≫ Views Version4.7.x-1.6 Updatebeta5
Earl Miles ≫ Views Version4.7.x-1.x Updatedev
Earl Miles ≫ Views Version4.7.x1.5
Earl Miles ≫ Views Version5.x-1.0
Earl Miles ≫ Views Version5.x-1.1 Updatebeta
Earl Miles ≫ Views Version5.x-1.2 Updatebeta1
Earl Miles ≫ Views Version5.x-1.3 Updatebeta1
Earl Miles ≫ Views Version5.x-1.4 Updaterc1
Earl Miles ≫ Views Version5.x-1.4-2 Updaterc1
Earl Miles ≫ Views Version5.x-1.5
Earl Miles ≫ Views Version5.x-1.6
Earl Miles ≫ Views Version5.x-1.6 Updatebeta
Earl Miles ≫ Views Version5.x-1.6 Updatebeta2
Earl Miles ≫ Views Version5.x-1.6 Updatebeta3
Earl Miles ≫ Views Version5.x-1.6 Updatebeta4
Earl Miles ≫ Views Version5.x-1.6 Updatebeta5
Earl Miles ≫ Views Version5.x-1.7
Earl Miles ≫ Views Version5.x-1.8
Earl Miles ≫ Views Version5.x-1.x Updatedev
Earl Miles ≫ Views Version6.x-2.0
Earl Miles ≫ Views Version6.x-2.0 Updatealpha1
Earl Miles ≫ Views Version6.x-2.0 Updatealpha2
Earl Miles ≫ Views Version6.x-2.0 Updatealpha3
Earl Miles ≫ Views Version6.x-2.0 Updatealpha4
Earl Miles ≫ Views Version6.x-2.0 Updatealpha5
Earl Miles ≫ Views Version6.x-2.0 Updatebeta1
Earl Miles ≫ Views Version6.x-2.0 Updatebeta2
Earl Miles ≫ Views Version6.x-2.0 Updatebeta3
Earl Miles ≫ Views Version6.x-2.0 Updatebeta4
Earl Miles ≫ Views Version6.x-2.0 Updaterc1
Earl Miles ≫ Views Version6.x-2.0 Updaterc2
Earl Miles ≫ Views Version6.x-2.0 Updaterc3
Earl Miles ≫ Views Version6.x-2.0 Updaterc4
Earl Miles ≫ Views Version6.x-2.0 Updaterc5
Earl Miles ≫ Views Version6.x-2.1
Earl Miles ≫ Views Version6.x-2.2
Earl Miles ≫ Views Version6.x-2.3
Earl Miles ≫ Views Version6.x-2.4
Earl Miles ≫ Views Version6.x-2.5
Earl Miles ≫ Views Version6.x-2.6
Earl Miles ≫ Views Version6.x-2.7
Earl Miles ≫ Views Version6.x-2.8
Earl Miles ≫ Views Version6.x-2.9
Earl Miles ≫ Views Version6.x-2.10
Earl Miles ≫ Views Version6.x-2.11
Earl Miles ≫ Views Version6.x-2.x Updatedev
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.71% | 0.743 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
http://drupal.org/node/1329842
http://drupal.org/node/1329898
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069499.html
http://secunia.com/advisories/46680
http://secunia.com/advisories/46962
http://www.openwall.com/lists/oss-security/2011/11/04/3
http://www.osvdb.org/76809
http://www.securityfocus.com/bid/50500
https://exchange.xforce.ibmcloud.com/vulnerabilities/71124