Drupal SQL Injection vulnerability · CVE-2011-2715 · GitHub Advisory Database · GitHub

Drupal SQL Injection vulnerability

Critical severity GitHub Reviewed Published Apr 22, 2022 to the GitHub Advisory Database • Updated May 3, 2024

Package

drupal/core (Composer)

Affected versions

= 6.20

Patched versions

None

Description

An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names.

References

Published by the National Vulnerability Database

Jan 14, 2020

Published to the GitHub Advisory Database Apr 22, 2022

Reviewed Apr 23, 2024

Last updated May 3, 2024

Severity

Critical

/ 10

CVSS v3 base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H