CVE-2011-2715
CRITICALDrupal Data 6.x-1.0-alpha14 - SQL Injection via Table or Column Name
Title source: llmDescription
An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names.
References (2)
Core 2
Core References
Mailing List, Third Party Advisory x_refsource_misc
https://www.openwall.com/lists/oss-security/2011/07/26/8
Patch, Vendor Advisory x_refsource_misc
https://www.drupal.org/node/1056470
Scores
CVSS v3
9.8
EPSS
0.0050
EPSS Percentile
66.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (3)
drupal/core
Packagist
drupal/data
6.x-1.0 alpha14
drupal/drupal
6.20
Published
Jan 14, 2020
Tracked Since
Feb 18, 2026