Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
NameCVE-2011-4113First vendor Publication2012-02-17
VendorCveLast vendor Modification2012-02-29

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score7.5Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

SQL injection vulnerability in the Views module before 6.x-2.13 for Drupal allows remote attackers to execute arbitrary SQL commands via vectors related to "filters/arguments on certain types of views with specific configurations of arguments."

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4113

CWE : Common Weakness Enumeration

idName
CWE-89Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application57

Open Source Vulnerability Database (OSVDB)

idDescription
76809Views Module for Drupal Unspecified Filters / Arguments SQL Injection

Nessus® Vulnerability Scanner

DateDescription
2011-11-22Name : The remote Fedora host is missing a security update.
File : fedora_2011-15399.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
BIDhttp://www.securityfocus.com/bid/50500
CONFIRMhttp://drupal.org/node/1329842
FEDORAhttp://lists.fedoraproject.org/pipermail/package-announce/2011-November/06949...
MISChttp://drupal.org/node/1329898
MLISThttp://www.openwall.com/lists/oss-security/2011/11/04/3
OSVDBhttp://www.osvdb.org/76809
SECUNIAhttp://secunia.com/advisories/46680
http://secunia.com/advisories/46962
XFhttp://xforce.iss.net/xforce/xfdb/71124

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2014-02-17 11:05:59
  • Multiple Updates
2013-05-10 23:10:06
  • Multiple Updates