Vulnerability Details CVE-2008-3223
SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 allows remote attackers to execute arbitrary SQL commands via vectors related to "an inappropriate placeholder for 'numeric' fields."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 77.8%
CVSS Severity
CVSS v2 Score 7.5
References
- http://drupal.org/node/280571
- http://secunia.com/advisories/31079
- http://www.openwall.com/lists/oss-security/2008/07/10/3
- http://www.securityfocus.com/bid/30168
- https://bugzilla.redhat.com/show_bug.cgi?id=454849
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43705
- https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00016.html
- https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00527.html
- https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00551.html
- http://drupal.org/node/280571
- http://secunia.com/advisories/31079
- http://www.openwall.com/lists/oss-security/2008/07/10/3
- http://www.securityfocus.com/bid/30168
- https://bugzilla.redhat.com/show_bug.cgi?id=454849
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43705
- https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00016.html
- https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00527.html
- https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00551.html
Products affected by CVE-2008-3223
-
cpe:2.3:a:drupal:drupal:6.0
-
cpe:2.3:a:drupal:drupal:6.1
-
cpe:2.3:a:drupal:drupal:6.2
-
cpe:2.3:o:fedoraproject:fedora:8
-
cpe:2.3:o:fedoraproject:fedora:9