Vulnerability Details : CVE-2008-3223
SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 allows remote attackers to execute arbitrary SQL commands via vectors related to "an inappropriate placeholder for 'numeric' fields."
Vulnerability category: Sql Injection
Products affected by CVE-2008-3223
- cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-3223
0.47%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 76 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-3223
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2008-3223
-
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-3223
-
http://drupal.org/node/280571
SA-2008-044 - Drupal core - Multiple vulnerabilities | Drupal.orgPatch;Vendor Advisory
-
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00551.html
[SECURITY] Fedora 8 Update: drupal-5.8-1.fc8Third Party Advisory
-
http://www.securityfocus.com/bid/30168
Third Party Advisory;VDB Entry
-
http://www.openwall.com/lists/oss-security/2008/07/10/3
oss-security - CVE request: multiple drupal issues in < 6.3,5.8Mailing List;Third Party Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/43705
Third Party Advisory;VDB Entry
-
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00527.html
[SECURITY] Fedora 9 Update: drupal-6.3-1.fc9Third Party Advisory
-
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00016.html
[SECURITY] Fedora 8 Update: drupal-5.9-1.fc8Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=454849
454849 – (CVE-2008-3218) drupal: multiple security issues in < 6.3,5.8/5.9 (SA-2008-044,SA-2008-046 - CVE-2008-3218, CVE-2008-3219, CVE-2008-3220, CVE-2008-3221, CVE-2008-3222, CVE-2008-3223)Issue Tracking;Patch;Third Party Advisory
Jump to