Drupal Webform CiviCRM Integration Module Unspecified SQL Injection Vulnerability
BID:50636
Info
Drupal Webform CiviCRM Integration Module Unspecified SQL Injection Vulnerability
| Bugtraq ID: | 50636 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 10 2011 12:00AM |
| Updated: | Nov 10 2011 12:00AM |
| Credit: | Michal Mach |
| Vulnerable: |
Drupal Webform CiviCRM Integration 7.x-2.1 Drupal Webform CiviCRM Integration 6.X-2.1 |
| Not Vulnerable: |
Drupal Webform CiviCRM Integration 7.x-2.2 Drupal Webform CiviCRM Integration 6.X-2.2 |
Discussion
Drupal Webform CiviCRM Integration Module Unspecified SQL Injection Vulnerability
The Webform CiviCRM Integration module for Drupal is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Webform CiviCRM Integration 6.x-2.1 and 7.x-2.1 are vulnerable; other versions may also be affected.
The Webform CiviCRM Integration module for Drupal is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Webform CiviCRM Integration 6.x-2.1 and 7.x-2.1 are vulnerable; other versions may also be affected.
Exploit / POC
Drupal Webform CiviCRM Integration Module Unspecified SQL Injection Vulnerability
Attackers can use a browser to exploit this issue.
Attackers can use a browser to exploit this issue.
Solution / Fix
Drupal Webform CiviCRM Integration Module Unspecified SQL Injection Vulnerability
Solution:
Vendor updates are available. Please see the references for more information.
Solution:
Vendor updates are available. Please see the references for more information.
References
Drupal Webform CiviCRM Integration Module Unspecified SQL Injection Vulnerability
References:
References: