CVSS: 6.0EPSS: 0%CPEs: 8EXPL: 0CVE-2008-4633
https://notcve.org/view.php?id=CVE-2008-4633
SQL injection vulnerability in Node Vote 5.x before 5.x-1.1 and 6.x before 6.x-1.0, a module for Drupal, when "Allow user to vote again" is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to a "previously cast vote." Vulnerabilidad de inyección SQL en Node Vote v5.x anteriores a v5.x-1.1 y v6.x anteriores a v6.x-1.0, en un módulo de Drupal, cuando está habilitada la opción "Allow user to vote again", permite a usuarios autenticados remotos ejecutar comandos SQL de su elección mediante vectores no especificados relacionados con "previously cast vote" (votación anterior). • http://drupal.org/node/321685 http://secunia.com/advisories/32276 http://www.securityfocus.com/bid/31779 https://exchange.xforce.ibmcloud.com/vulnerabilities/45920 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •