Drupal : Security Vulnerabilities, CVEs, (Sql injection) CVSS score >= 9
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection.
Max CVSS
9.8
EPSS Score
1.53%
Published
2019-05-16
Updated
2021-09-29
An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names.
Max CVSS
9.8
EPSS Score
0.15%
Published
2020-01-14
Updated
2020-01-24
SQL injection vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via values in the URI.
Max CVSS
10.0
EPSS Score
0.25%
Published
2009-03-20
Updated
2017-08-17
3 vulnerabilities found