drupal
Page content
- Author: voroskoi
- Vulnerable: 5.2-2sayshell1
- Unaffected: 5.2-2sayshell2
A vulnerability has been reported in Drupal, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the “taxonomy_select_nodes()” function is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires that a module that passes unsanitised data to “taxonomy_select_nodes()” is installed.
- Bug Tracker URL: http://bugs.frugalware.org/task/2620