Vulnerability Name:

CVE-2007-6299 (CCN-38884)

Assigned:2007-12-05
Published:2007-12-05
Updated:2017-08-08
Summary:Multiple SQL injection vulnerabilities in Drupal and vbDrupal 4.7.x before 4.7.9 and 5.x before 5.4 allow remote attackers to execute arbitrary SQL commands via modules that pass input to the taxonomy_select_nodes function, as demonstrated by the (1) taxonomy_menu, (2) ajaxLoader, and (3) ubrowser contributed modules.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Authentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Athentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
Vulnerability Type:CWE-89
CWE-20
Vulnerability Consequences:Data Manipulation
References:Source: MITRE
Type: CNA
CVE-2007-6299

Source: CCN
Type: DRUPAL-SA-2007-031
SA-2007-031 - Drupal core - SQL Injection possible when certain contributed modules are enabled

Source: CONFIRM
Type: UNKNOWN
http://drupal.org/node/198162

Source: CCN
Type: SA27932
Drupal "taxonomy_select_nodes()" SQL Injection

Source: SECUNIA
Type: Vendor Advisory
27932

Source: CCN
Type: SA27951
vbDrupal "taxonomy_select_nodes()" SQL Injection

Source: SECUNIA
Type: Vendor Advisory
27951

Source: SECUNIA
Type: UNKNOWN
27973

Source: CONFIRM
Type: Patch
http://sourceforge.net/project/shownotes.php?release_id=559532

Source: CONFIRM
Type: Patch
http://sourceforge.net/project/shownotes.php?release_id=559538

Source: BID
Type: UNKNOWN
26735

Source: CCN
Type: BID-26735
Drupal TAXONOMY_SELECT_NODES() SQL Injection Vulnerability

Source: XF
Type: UNKNOWN
drupal-taxonomy-sql-injection(38884)

Source: XF
Type: UNKNOWN
drupal-taxonomy-sql-injection(38884)

Source: XF
Type: UNKNOWN
vbdrupal-taxonomy-sql-injection(38886)

Source: FEDORA
Type: UNKNOWN
FEDORA-2007-4136

Source: FEDORA
Type: UNKNOWN
FEDORA-2007-4163

Vulnerable Configuration:Configuration 1:
  • cpe:/a:drupal:drupal:4.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:4.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:4.2.0_rc:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:4.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:4.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:4.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:4.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:4.5:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:4.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:4.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:4.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:4.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:4.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:4.5.6:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:4.5.7:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:4.5.8:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:4.6:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:4.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:4.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:4.6.2:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:4.6.3:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:4.6.4:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:4.6.5:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:4.6.6:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:4.6.7:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:4.6.8:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:4.6.9:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:4.6.10:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:4.6.11:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:4.7:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:4.7.1:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:4.7.2:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:4.7.3:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:4.7.4:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:4.7.5:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:4.7.6:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:4.7.7:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:4.7.8:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:4.7_rev1.15:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:5.1_rev1.1:*:*:*:*:*:*:*
  • OR cpe:/a:drupal:drupal:5.2:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2007-6299 (CCN-38886)

    Assigned:2007-12-05
    Published:2007-12-05
    Updated:2007-12-05
    Summary:vbDrupal is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the taxonomy_select_nodes() function using an unspecified parameter, which could allow the attacker to view, add, modify or delete information in the back-end database.

    Note: Successful exploitation requires the installation of a module that passes data to the taxonomy_select_nodes() function.
    CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): Low
    Availibility (A): Low
    CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    6.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Authentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
    5.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Athentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    Vulnerability Consequences:Data Manipulation
    References:Source: MITRE
    Type: CNA
    CVE-2007-6299

    Source: CCN
    Type: DRUPAL-SA-2007-031
    SA-2007-031 - Drupal core - SQL Injection possible when certain contributed modules are enabled

    Source: CCN
    Type: SA27932
    Drupal "taxonomy_select_nodes()" SQL Injection

    Source: CCN
    Type: SA27951
    vbDrupal "taxonomy_select_nodes()" SQL Injection

    Source: CCN
    Type: SourceForge.net: Files
    Release Name: 5.4.0

    Source: CCN
    Type: SourceForge.net
    vbDrupal

    Source: CCN
    Type: BID-26735
    Drupal TAXONOMY_SELECT_NODES() SQL Injection Vulnerability

    Source: XF
    Type: UNKNOWN
    vbdrupal-taxonomy-sql-injection(38886)

    BACK
    drupal drupal 4.0.0
    drupal drupal 4.1.0
    drupal drupal 4.2.0_rc
    drupal drupal 4.4.0
    drupal drupal 4.4.1
    drupal drupal 4.4.2
    drupal drupal 4.4.3
    drupal drupal 4.5
    drupal drupal 4.5.1
    drupal drupal 4.5.2
    drupal drupal 4.5.3
    drupal drupal 4.5.4
    drupal drupal 4.5.5
    drupal drupal 4.5.6
    drupal drupal 4.5.7
    drupal drupal 4.5.8
    drupal drupal 4.6
    drupal drupal 4.6.0
    drupal drupal 4.6.1
    drupal drupal 4.6.2
    drupal drupal 4.6.3
    drupal drupal 4.6.4
    drupal drupal 4.6.5
    drupal drupal 4.6.6
    drupal drupal 4.6.7
    drupal drupal 4.6.8
    drupal drupal 4.6.9
    drupal drupal 4.6.10
    drupal drupal 4.6.11
    drupal drupal 4.7
    drupal drupal 4.7.1
    drupal drupal 4.7.2
    drupal drupal 4.7.3
    drupal drupal 4.7.4
    drupal drupal 4.7.5
    drupal drupal 4.7.6
    drupal drupal 4.7.7
    drupal drupal 4.7.8
    drupal drupal 4.7_rev1.15
    drupal drupal 5.0
    drupal drupal 5.1
    drupal drupal 5.1_rev1.1
    drupal drupal 5.2