Vulnerability Details CVE-2008-4148
SQL injection vulnerability in the Mailhandler module 5.x before 5.x-1.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to composing queries without using the Drupal database API.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.1%
CVSS Severity
CVSS v2 Score 7.5
References
- http://drupal.org/node/309769
- http://secunia.com/advisories/31877
- http://www.securityfocus.com/bid/31230
- http://www.vupen.com/english/advisories/2008/2616
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45216
- http://drupal.org/node/309769
- http://secunia.com/advisories/31877
- http://www.securityfocus.com/bid/31230
- http://www.vupen.com/english/advisories/2008/2616
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45216
Products affected by CVE-2008-4148
-
cpe:2.3:a:drupal:mailhandler:*
-
cpe:2.3:a:drupal:mailhandler:5.x-1.0
-
cpe:2.3:a:drupal:mailhandler:5.x-1.1
-
cpe:2.3:a:drupal:mailhandler:5.x-1.2
-
cpe:2.3:a:drupal:mailhandler:5.x-1.x-dev
-
cpe:2.3:a:drupal:mailhandler:6.x-1.0
-
cpe:2.3:a:drupal:mailhandler:6.x-1.1
-
cpe:2.3:a:drupal:mailhandler:6.x-1.2
-
cpe:2.3:a:drupal:mailhandler:6.x-1.x-dev