|
|
CVE Reference: CVE-2008-5998 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2008-5998 |
|
|
Description: Multiple SQL injection vulnerabilities in the ajax_checklist_save function in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allow remote authenticated users, with "update ajax checklists" permissions, to execute arbitrary SQL commands via a save operation, related to the (1) nid, (2) qid, and (3) state parameters. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/45410 SAID Secunia Advisory: SA32009 CONFIRM http://drupal.org/node/312968 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/496727/100/0/threaded BID 31384 |
|
| Return to the previous page. |
