Vulnerability Details CVE-2015-6659
SQL injection vulnerability in the SQL comment filtering system in the Database API in Drupal 7.x before 7.39 allows remote attackers to execute arbitrary SQL commands via an SQL comment.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.145
EPSS Ranking 94.1%
CVSS Severity
CVSS v2 Score 7.5
References
- http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165061.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165690.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165704.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165723.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165733.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165840.html
- http://www.debian.org/security/2015/dsa-3346
- http://www.securityfocus.com/bid/76432
- http://www.securitytracker.com/id/1033358
- https://www.drupal.org/SA-CORE-2015-003
- http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165061.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165690.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165704.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165723.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165733.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165840.html
- http://www.debian.org/security/2015/dsa-3346
- http://www.securityfocus.com/bid/76432
- http://www.securitytracker.com/id/1033358
- https://www.drupal.org/SA-CORE-2015-003
Products affected by CVE-2015-6659
-
cpe:2.3:a:drupal:drupal:7.0
-
cpe:2.3:a:drupal:drupal:7.1
-
cpe:2.3:a:drupal:drupal:7.10
-
cpe:2.3:a:drupal:drupal:7.11
-
cpe:2.3:a:drupal:drupal:7.12
-
cpe:2.3:a:drupal:drupal:7.13
-
cpe:2.3:a:drupal:drupal:7.14
-
cpe:2.3:a:drupal:drupal:7.15
-
cpe:2.3:a:drupal:drupal:7.16
-
cpe:2.3:a:drupal:drupal:7.17
-
cpe:2.3:a:drupal:drupal:7.18
-
cpe:2.3:a:drupal:drupal:7.19
-
cpe:2.3:a:drupal:drupal:7.2
-
cpe:2.3:a:drupal:drupal:7.20
-
cpe:2.3:a:drupal:drupal:7.21
-
cpe:2.3:a:drupal:drupal:7.22
-
cpe:2.3:a:drupal:drupal:7.23
-
cpe:2.3:a:drupal:drupal:7.24
-
cpe:2.3:a:drupal:drupal:7.25
-
cpe:2.3:a:drupal:drupal:7.26
-
cpe:2.3:a:drupal:drupal:7.27
-
cpe:2.3:a:drupal:drupal:7.28
-
cpe:2.3:a:drupal:drupal:7.29
-
cpe:2.3:a:drupal:drupal:7.3
-
cpe:2.3:a:drupal:drupal:7.30
-
cpe:2.3:a:drupal:drupal:7.33
-
cpe:2.3:a:drupal:drupal:7.34
-
cpe:2.3:a:drupal:drupal:7.35
-
cpe:2.3:a:drupal:drupal:7.36
-
cpe:2.3:a:drupal:drupal:7.37
-
cpe:2.3:a:drupal:drupal:7.38
-
cpe:2.3:a:drupal:drupal:7.4
-
cpe:2.3:a:drupal:drupal:7.5
-
cpe:2.3:a:drupal:drupal:7.6
-
cpe:2.3:a:drupal:drupal:7.7
-
cpe:2.3:a:drupal:drupal:7.8
-
cpe:2.3:a:drupal:drupal:7.9
-
cpe:2.3:a:drupal:drupal:7.x-dev