Drupal Extended Tracker Module SQL Injection Date: Thursday, October 26, 2006 @ 09:55:29 CDT Topic: Security SECUNIA ADVISORY ID: SA22566 VERIFY ADVISORY: http://secunia.com/advisories/22566/ CRITICAL: Less critical IMPACT: Manipulation of data WHERE: >From remote SOFTWARE: Drupal Extended Tracker Module 4.x - http://secunia.com/product/12431/ DESCRIPTION: A vulnerability has been reported in the Extended Tracker module for Drupal, which can be exploited by malicious users to conduct SQL injection attacks. Input passed to unspecified parameters via the URL is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in version 4.7 prior to revision 1.5.2.1. SOLUTION: Update to the latest version of 4.7. PROVIDED AND/OR DISCOVERED BY: The Drupal Security Team. ORIGINAL ADVISORY: http://drupal.org/node/91358 This article comes from Ravens PHP Scripts https://www.ravenphpscripts.com The URL for this story is: https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=2475