Drupal : Security vulnerabilities, CVEs published in December 2007

Copy

CVE-2007-6320

Feature 4.7.x-dev and 5.x-dev before 20071206, a Drupal module, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks.

Max CVSS

4.3

EPSS Score

0.08%

Published

2007-12-12

Updated

2008-11-15

CVE-2007-6299

Multiple SQL injection vulnerabilities in Drupal and vbDrupal 4.7.x before 4.7.9 and 5.x before 5.4 allow remote attackers to execute arbitrary SQL commands via modules that pass input to the taxonomy_select_nodes function, as demonstrated by the (1) taxonomy_menu, (2) ajaxLoader, and (3) ubrowser contributed modules.

Max CVSS

7.5

EPSS Score

0.39%

Published

2007-12-10

Updated

2017-08-08

CVE-2007-6298

Cross-site scripting (XSS) vulnerability in the Shoutbox module for Drupal 5.x before Shoutbox 5.x-1.1 allows remote authenticated users to inject arbitrary web script or HTML via Shoutbox block messages.

Max CVSS

4.3

EPSS Score

0.27%

Published

2007-12-10

Updated

2017-08-08

3 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!