CVE-2015-7876 in Drupal 7 Driver for SQL Serverinfo

Summary

The escapeLike function in sqlsrv/database.inc in the Drupal 7 driver for SQL Server and SQL Azure 7.x-1.x before 7.x-1.4 does not properly escape certain characters, which allows remote attackers to execute arbitrary SQL commands vectors involving a module using the db_like function.

Reservation

10/21/2015

Disclosure

10/21/2015

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
78715	Drupal 7 Driver for SQL Server/SQL Azure database.inc db_like sql injection	89	Not defined	Official fix	CVE-2015-7876

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

◂ PreviousOverviewNext ▸

Do you need the next level of professionalism?

Upgrade your account now!