1 results (0.007 seconds)

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0

SQL injection vulnerability in the Multisite Search module 6.x-2.2 for Drupal allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the Site table prefix field. Vulnerabilidad de inyección de comandos SQL en el módulo Multisite Search v6.x-2.2 para Drupal, permite a usuarios autenticados remotaente con algunos permisos, ejecutar comandos SQL a través del prefijo de campo de la tabla Site. • http://drupal.org/node/1471800 http://www.madirish.net/content/drupal-multisite-search-module-sql-injection-vulnerability http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/79857 http://www.securityfocus.com/bid/52342 https://exchange.xforce.ibmcloud.com/vulnerabilities/73898 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •