CVE-2009-1034

Drupal Tasklist < 5.x-1.3 and 5.x-2.x < 5.x-2.0-alpha1 - SQL Injection via URI Values

Title source: llm
STIX 2.1

Description

SQL injection vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via values in the URI.

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/49320
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34171
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/52781
Patch, Vendor Advisory x_refsource_confirm
http://drupal.org/node/406316
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34376

Scores

EPSS 0.0046
EPSS Percentile 64.3%

Details

CWE
CWE-89
Status published
Products (1)
drupal/tasklist < 5.x-1.x
Published Mar 20, 2009
Tracked Since Feb 18, 2026