CVE-2008-2999

Drupal Aggregation Module - SQL Injection

Title source: rule

Description

Multiple SQL injection vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

References (4)

[Patch, Vendor Advisory] http://drupal.org/node/269479

[Vendor Advisory] http://secunia.com/advisories/30618

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/43010

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/29677

Scores

EPSS 0.0046

EPSS Percentile 63.8%

Classification

CWE

CWE-89

Status draft

Affected Products (15)

drupal/aggregation_module

drupal/drupal

Timeline

Published Jul 03, 2008

Tracked Since Feb 18, 2026