Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
NameCVE-2011-4113First vendor Publication2012-02-17
VendorCveLast vendor Modification2012-02-29

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score7.5Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

SQL injection vulnerability in the Views module before 6.x-2.13 for Drupal allows remote attackers to execute arbitrary SQL commands via vectors related to "filters/arguments on certain types of views with specific configurations of arguments."

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4113

CWE : Common Weakness Enumeration

%idName
100 %CWE-89Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application1
Application57

Open Source Vulnerability Database (OSVDB)

idDescription
76809Views Module for Drupal Unspecified Filters / Arguments SQL Injection

Nessus® Vulnerability Scanner

DateDescription
2011-11-22Name : The remote Fedora host is missing a security update.
File : fedora_2011-15399.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/50500
CONFIRM http://drupal.org/node/1329842
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2011-November/06949...
MISC http://drupal.org/node/1329898
MLIST http://www.openwall.com/lists/oss-security/2011/11/04/3
XF http://xforce.iss.net/xforce/xfdb/71124

Alert History

If you want to see full details history, please login or register.
0
1
2
3
DateInformations
2016-06-28 18:53:15
  • Multiple Updates
2016-04-26 21:12:20
  • Multiple Updates
2014-02-17 11:05:59
  • Multiple Updates
2013-05-10 23:10:06
  • Multiple Updates