Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Drupal Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-3223) - Vulnerability Database

Drupal Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-3223)

Description

SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 allows remote attackers to execute arbitrary SQL commands via vectors related to "an inappropriate placeholder for 'numeric' fields."

References

CVE-2008-3223

Related Vulnerabilities

Beego Framework Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-39391) Medium
Common tags: Missing Update Known Vulnerabilities
Jboss EAP Improper Input Validation Vulnerability (CVE-2020-10693) Medium
Common tags: Missing Update Known Vulnerabilities
Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-10243) Critical
Common tags: Missing Update Known Vulnerabilities
ownCloud Server-Side Request Forgery (SSRF) Vulnerability (CVE-2020-10252) High
Common tags: Missing Update Known Vulnerabilities
ownCloud Improper Authentication Vulnerability (CVE-2020-10254) Medium
Common tags: Missing Update Known Vulnerabilities

Severity

High

Classification

CVE-2008-3223
CWE-138

Tags

Missing Update
Known Vulnerabilities