SECUNIA ADVISORY ID: SA22566
VERIFY ADVISORY: http://secunia.com/advisories/22566/
CRITICAL: Less critical
IMPACT: Manipulation of data
WHERE: From remote
SOFTWARE: Drupal Extended Tracker Module 4.x - http://secunia.com/product/12431/
DESCRIPTION: A vulnerability has been reported in the Extended Tracker module for Drupal, which can be exploited by malicious users to conduct SQL injection attacks. Input passed to unspecified parameters via the URL is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in version 4.7 prior to revision 1.5.2.1.
SOLUTION: Update to the latest version of 4.7.
PROVIDED AND/OR DISCOVERED BY: The Drupal Security Team.
ORIGINAL ADVISORY: http://drupal.org/node/91358
Drupal Extended Tracker Module SQL Injection
Posted on Thursday, October 26, 2006 @ 09:55:29 CDT in Security