CVE-2011-2715
CRITICALDrupal Data - SQL Injection
Title source: ruleDescription
An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names.
Scores
CVSS v3
9.8
EPSS
0.0062
EPSS Percentile
69.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Classification
CWE
CWE-89
Status
published
Affected Products (3)
drupal/data
drupal/drupal
drupal/core
Packagist
Timeline
Published
Jan 14, 2020
Tracked Since
Feb 18, 2026