CVE-2009-4296

Description

SQL injection vulnerability in the Taxonomy Timer module 5.x-1.8 and earlier and 6.x-alpha1 and earlier for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Affected products

• brian_miller / taxonomy_timer5.x-1.8
• brian_miller / taxonomy_timer5.x-0.1 – 5.x-0.1
• brian_miller / taxonomy_timer5.x-1.0 – 5.x-1.0
• brian_miller / taxonomy_timer5.x-1.0beta1 – 5.x-1.0beta1
• brian_miller / taxonomy_timer5.x-1.1 – 5.x-1.1
• brian_miller / taxonomy_timer5.x-1.2 – 5.x-1.2
• brian_miller / taxonomy_timer5.x-1.3 – 5.x-1.3
• brian_miller / taxonomy_timer5.x-1.4 – 5.x-1.4
• brian_miller / taxonomy_timer5.x-1.6 – 5.x-1.6
• brian_miller / taxonomy_timer5.x-1.7 – 5.x-1.7

References

• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2009/3388
• MISChttp://drupal.org/node/649396
• VENDOR_ADVISORYhttp://secunia.com/advisories/37573
• MISChttp://drupal.org/node/641050
• MISChttp://www.securityfocus.com/bid/37189
• MISChttp://drupal.org/node/641064