[DRUPAL-SA-2006-005] Drupal 4.6.7 / 4.7.1 fixes SQL injection issue


Date: Fri, 2 Jun 2006 20:30:11 +0200
From: Uwe Hermann <uwe@hermann-uwe.de.>
To: [email protected], [email protected],
Subject: [DRUPAL-SA-2006-005] Drupal 4.6.7 / 4.7.1 fixes SQL injection issue
Message-ID: <20060602183011.GA26837@aragorn.>


----------------------------------------------------------------------------
Drupal security advisory                                  DRUPAL-SA-2006-005
Advisory ID:    DRUPAL-SA-2006-005
Project:        Drupal core
Date:           2006-05-24
Security risk:  highly critical
Impact:         Drupal core
Where:          from remote
Vulnerability:  SQL injection
----------------------------------------------------------------------------

Description

A security vulnerability in the database layer allowed certain queries to be
submitted to the database without going through Drupal's query sanitizer.

This problem represents a critical security vulnerability and should be patched
or upgraded immediately.

Versions affected
All Drupal versions before 4.6.7 and 4.7.1.

Solution
If you are running Drupal 4.6.x then upgrade to Drupal 4.6.7.
If you are running Drupal 4.7.0 then upgrade to Drupal 4.7.1.

Contact
The security contact for Drupal can be reached at [email protected]
or using the form at http://drupal.org/contact.
More information is available from http://drupal.org/security or from
our security RSS feed http://drupal.org/security/rss.xml.


// Uwe Hermann, on behalf of the Drupal Security Team.
-- 
Uwe Hermann
http://www.hermann-uwe.de
http://www.it-services-uh.de  | http://www.crazy-hacks.org
http://www.holsham-traders.de | http://www.unmaintained-free-software.org
