CVE-2010-3423 Information

Description

SQL injection vulnerability in the Yr Weatherdata module for Drupal 6.x before 6.x-1.6 allows remote attackers to execute arbitrary SQL commands via the sorting method.

Reference

http://drupal.org/node/606290 http://drupal.org/node/905686 http://secunia.com/advisories/41385 http://www.osvdb.org/67918 https://exchange.xforce.ibmcloud.com/vulnerabilities/61673