Multiple SQL injection vulnerabilities in Drupal and vbDrupal 4.7.x prior to 4.7.9 and 5.x prior to 5.4 allow remote malicious users to execute arbitrary SQL commands via modules that pass input to the taxonomy_select_nodes function, as demonstrated by the (1) taxonomy_menu, (2) ajaxLoader, and (3) ubrowser contributed modules.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
drupal drupal 4.4.1 |
||
drupal drupal 4.4.2 |
||
drupal drupal 4.5.5 |
||
drupal drupal 4.5.6 |
||
drupal drupal 4.6.2 |
||
drupal drupal 4.6.3 |
||
drupal drupal 4.7 |
||
drupal drupal 4.7.1 |
||
drupal drupal 4.7.8 |
||
drupal drupal 4.7_rev1.15 |
||
drupal drupal 4.2.0_rc |
||
drupal drupal 4.4.0 |
||
drupal drupal 4.5.3 |
||
drupal drupal 4.5.4 |
||
drupal drupal 4.6.1 |
||
drupal drupal 4.6.10 |
||
drupal drupal 4.6.11 |
||
drupal drupal 4.6.8 |
||
drupal drupal 4.6.9 |
||
drupal drupal 4.7.6 |
||
drupal drupal 4.7.7 |
||
drupal drupal 4.0.0 |
||
drupal drupal 4.1.0 |
||
drupal drupal 4.5.1 |
||
drupal drupal 4.5.2 |
||
drupal drupal 4.6 |
||
drupal drupal 4.6.0 |
||
drupal drupal 4.6.6 |
||
drupal drupal 4.6.7 |
||
drupal drupal 4.7.4 |
||
drupal drupal 4.7.5 |
||
drupal drupal 5.1_rev1.1 |
||
drupal drupal 5.2 |
||
drupal drupal 4.4.3 |
||
drupal drupal 4.5 |
||
drupal drupal 4.5.7 |
||
drupal drupal 4.5.8 |
||
drupal drupal 4.6.4 |
||
drupal drupal 4.6.5 |
||
drupal drupal 4.7.2 |
||
drupal drupal 4.7.3 |
||
drupal drupal 5.0 |
||
drupal drupal 5.1 |