oss-sec mailing list archives

Re: CVE Request -- Drupal (v6.x based) Views module - SQL injection due improper escaping of database parameters for certain filters / arguments (SA-CONTRIB-2011-052)

From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 04 Nov 2011 09:24:18 -0600

On 11/04/2011 04:49 AM, Jan Lieskovsky wrote:

Hello Kurt, Steve, vendors,

  a SQL injection flaw was found in the way the views module for the
Drupal (v6.x based), open-source content-management platform, performed
sanitization of the database parameters for certain filters / arguments
on certain types of views with specific configuration of arguments. A
remote attacker could provide a specially-crafted SQL query, which once
processed by the Drupal system instance could lead to arbitrary SQL
commands execution.

References:
[1] http://drupal.org/node/1329898
[2] http://drupal.org/node/1329846
[3] https://bugzilla.redhat.com/show_bug.cgi?id=751325

Could you allocate a CVE id for this?

Thank you && Regards, Jan.
-- 
Jan iankko Lieskovsky / Red Hat Security Response Team

Please use CVE-2011-4113 for this issue.

-- 

-Kurt Seifried / Red Hat Security Response Team

Current thread:

CVE Request -- Drupal (v6.x based) Views module - SQL injection due improper escaping of database parameters for certain filters / arguments (SA-CONTRIB-2011-052) Jan Lieskovsky (Nov 04)
- Re: CVE Request -- Drupal (v6.x based) Views module - SQL injection due improper escaping of database parameters for certain filters / arguments (SA-CONTRIB-2011-052) Kurt Seifried (Nov 04)