Published: 24/08/2015 Updated: 24/12/2016
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

SQL injection vulnerability in the SQL comment filtering system in the Database API in Drupal 7.x prior to 7.39 allows remote malicious users to execute arbitrary SQL commands via an SQL comment.

Vendor Advisories

Several vulnerabilities were discovered in Drupal, a content management framework:

CVE-2015-6658: The form autocomplete functionality did not properly sanitize the requested URL, allowing remote attackers to perform a cross-site scripting attack.

CVE-2015-6659: The SQL comment filtering system could allow a user with elevated per ...