CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2012-1656

SQL injection vulnerability in the Multisite Search module 6.x-2.2 for Drupal allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the Site table prefix field.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 64.9%

CVSS Severity

CVSS v2 Score 6.8

References

http://drupal.org/node/1471800
http://www.madirish.net/content/drupal-multisite-search-module-sql-injection-vulnerability
http://www.openwall.com/lists/oss-security/2012/04/07/1
http://www.osvdb.org/79857
http://www.securityfocus.com/bid/52342
https://exchange.xforce.ibmcloud.com/vulnerabilities/73898
http://drupal.org/node/1471800
http://www.madirish.net/content/drupal-multisite-search-module-sql-injection-vulnerability
http://www.openwall.com/lists/oss-security/2012/04/07/1
http://www.osvdb.org/79857
http://www.securityfocus.com/bid/52342
https://exchange.xforce.ibmcloud.com/vulnerabilities/73898

Products affected by CVE-2012-1656

Drupal » Drupal » Version: N/A

cpe:2.3:a:drupal:drupal:-
Wesjones » Multisite Search » Version: 6.x-2.2

cpe:2.3:a:wesjones:multisite_search:6.x-2.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-1656

Products

Pricing

Contact Us