Critical Severity Vulnerability
This vulnerability has been rated as Critical severity. Immediate action is recommended.
CVE-2011-2715
CVSS Score: 9.8 (Critical)
Vulnerability Description
An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names.
CVSS Metrics
Common Vulnerability Scoring System
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Attack Vector: N
- Attack Complexity: L
- Privileges Required: N
- User Interaction: N
- Scope: U
- Confidentiality: H
- Integrity: H
- Availability: H
Known Affected Software
2 configuration(s) from 1 vendor(s)
- drupal, Version: 6.20, CPE: cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*
- data, Version: 6.x-1.0, CPE: cpe:2.3:a:drupal:data:6.x-1.0:alpha14:*:*:*:*:*:*
This vulnerability affects 2 software configuration(s). Ensure you patch all affected systems.
References & Resources
- https://www.drupal.org/node/1056470 (source: secalert@redhat.com; Patch, Vendor Advisory)
- https://www.openwall.com/lists/oss-security/2011/07/26/8 (source: secalert@redhat.com; Mailing List, Third Party Advisory)
Severity Details
9.8 out of 10.0 (Critical)
Weakness Type (CWE)
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (Top 25 #3)
- Description: The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a…
- Exploit Likelihood: High
- Typical Severity: High
- OWASP Top 10: A03:2021-Injection
- Abstraction Level: Base
Key Information
- Published Date: January 14, 2020
