Vulnerability Description
SQL injection vulnerability in the News Page module 5.x before 5.x-1.2 for Drupal allows remote authenticated users, with News Page nodes create and edit privileges, to execute arbitrary SQL commands via the Include Words (aka keywords) field.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Drupal | Drupal | All versions |
| Drupal | News Page | 5.x-1.1 |
Related Weaknesses (CWE)
References
- http://drupal.org/node/449014PatchVendor Advisory
- http://osvdb.org/54151
- http://secunia.com/advisories/34954Vendor Advisory
- http://www.securityfocus.com/bid/34777Patch
- http://www.vupen.com/english/advisories/2009/1214Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50248
- http://drupal.org/node/449014PatchVendor Advisory
- http://osvdb.org/54151
- http://secunia.com/advisories/34954Vendor Advisory
- http://www.securityfocus.com/bid/34777Patch
- http://www.vupen.com/english/advisories/2009/1214Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50248
FAQ
What is CVE-2009-1505?
CVE-2009-1505 is a vulnerability with a CVSS score of 6.5 (MEDIUM). SQL injection vulnerability in the News Page module 5.x before 5.x-1.2 for Drupal allows remote authenticated users, with News Page nodes create and edit privileges, to execute arbitrary SQL commands ...
How severe is CVE-2009-1505?
CVE-2009-1505 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-1505?
Check the references section above for vendor advisories and patch information. Affected products include: Drupal Drupal, Drupal News Page.