CVE-2012-1626 in Dateinfo

Summary

SQL injection vulnerability in the conversion form for Events in the Date module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer Date Tools" privilege to execute arbitrary SQL commands via unspecified vectors.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reservation

03/12/2012

Disclosure

09/19/2012

Moderation

VulDB entry created

Entries

VDB-62368 (1)

CPE

ready

CWE

CWE-89 (Confirmed)

CVSS

6.3

EPSS

0.00588

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2012-1626
NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-1626
CVE Details	https://www.cvedetails.com/cve/CVE-2012-1626/

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!