Description

SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 allows remote attackers to execute arbitrary SQL commands via vectors related to "an inappropriate placeholder for 'numeric' fields."

Remediation

References

CVE-2008-3223

Related Vulnerabilities

WordPress Plugin Donation with Goals and Paypal IPN by NonprofitCMS.org 'exporttocsv.php' SQL Injection (1.0)

PHP Uncontrolled Resource Consumption Vulnerability (CVE-2017-11142)

WordPress Plugin XCloner-Backup and Restore Multiple Vulnerabilities (3.1.2)

Squid Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-4051)

MyBB Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-2327)

Severity

High

Classification

CVE-2008-3223 CWE-138

Tags

Missing Update Known Vulnerabilities