SQL Injection in Drupal - CVE-2015-6665
Published: September 14, 2016
Vulnerability identifier: #VU428
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2015-6665
CWE-ID: CWE-564
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Drupal
Affected software:
Drupal
Drupal
Detailed vulnerability description
The vulnerability allows user with elevated permissions to get access to sensitive information.
The weakness exists due to SQL injection. The attacker inject specially crafted code inunsufficiently filtered SQL comments.
Successful exploitation of this vulnerability allows a malicious user to obtain potentially sensitive information.
The weakness exists due to SQL injection. The attacker inject specially crafted code inunsufficiently filtered SQL comments.
Successful exploitation of this vulnerability allows a malicious user to obtain potentially sensitive information.