Vulnerability Details CVE-2007-0507
SQL injection vulnerability in the Acidfree module for Drupal before 4.6.x-1.0, and before 4.7.x-1.0 in the 4.7 series, allows remote authenticated users with "create acidfree albums" privileges to execute arbitrary SQL commands via node titles.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.6%
CVSS Severity
CVSS v2 Score 6.0
References
- http://drupal.org/node/112145
- http://osvdb.org/32132
- http://secunia.com/advisories/23895
- http://www.securityfocus.com/bid/22202
- http://www.vupen.com/english/advisories/2007/0313
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31724
- http://drupal.org/node/112145
- http://osvdb.org/32132
- http://secunia.com/advisories/23895
- http://www.securityfocus.com/bid/22202
- http://www.vupen.com/english/advisories/2007/0313
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31724