CVE-2008-2999

Description

Multiple SQL injection vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

Affected products

• Drupal / aggregation_module3.0 – 3.0
• Drupal / aggregation_module3.1 – 3.1
• Drupal / aggregation_module3.2 – 3.2
• Drupal / aggregation_module4.0 – 4.0
• Drupal / aggregation_module4.1 – 4.1
• Drupal / aggregation_module4.2 – 4.2
• Drupal / aggregation_module4.3 – 4.3
• Drupal / Drupal5.0 – 5.0
• Drupal / Drupal5.1 – 5.1
• Drupal / Drupal5.1_rev1.1 – 5.1_rev1.1
• Drupal / Drupal5.2 – 5.2
• Drupal / Drupal5.3 – 5.3
• Drupal / Drupal5.4 – 5.4
• Drupal / Drupal5.5. – 5.5.
• Drupal / Drupal5.7 – 5.7

References

• MISChttp://drupal.org/node/269479
• MISChttp://www.securityfocus.com/bid/29677
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/43010
• VENDOR_ADVISORYhttp://secunia.com/advisories/30618