CVE-2008-3223
Drupal 6.x < 6.3 - SQL Injection via Numeric Field Placeholder
Title source: llmDescription
SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 allows remote attackers to execute arbitrary SQL commands via vectors related to "an inappropriate placeholder for 'numeric' fields."
References (9)
Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/30168
Patch, Vendor Advisory x_refsource_confirm
http://drupal.org/node/280571
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43705
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=454849
Third Party Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00016.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/31079
Third Party Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00527.html
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/07/10/3
Third Party Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00551.html
Scores
EPSS
0.0130
EPSS Percentile
80.0%
Details
CWE
CWE-89
Status
published
Products (3)
drupal/drupal
6.0 - 6.3
fedoraproject/fedora
8
fedoraproject/fedora
9
Published
Jul 18, 2008
Tracked Since
Feb 18, 2026