CVE-2008-3223
Published: 18 July 2008
SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 allows remote attackers to execute arbitrary SQL commands via vectors related to "an inappropriate placeholder for 'numeric' fields."
Priority
Status
Package | Release | Status |
---|---|---|
drupal Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
(code not present)
|
feisty |
Not vulnerable
(code not present)
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
upstream |
Released
(6.3)
|
|
drupal5 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
feisty |
Does not exist
|
|
gutsy |
Not vulnerable
(code not present)
|
|
hardy |
Not vulnerable
(code not present)
|
|
upstream |
Released
(6.3)
|