1 results (0.005 seconds)

CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0

SQL injection vulnerability in the Yr Weatherdata module for Drupal 6.x before 6.x-1.6 allows remote attackers to execute arbitrary SQL commands via the sorting method. Vulnerabilidad de inyección SQL en el módulo Yr Weatherdataa para Drupal v6.x anterior a v6.x-1.6 permite a atacantes remotos ejecutar comandos SQL a través del método de ordenación. • http://drupal.org/node/606290 http://drupal.org/node/905686 http://secunia.com/advisories/41385 http://www.osvdb.org/67918 https://exchange.xforce.ibmcloud.com/vulnerabilities/61673 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •