CVE-2008-3223 Information

Description

SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 allows remote attackers to execute arbitrary SQL commands via vectors related to \an inappropriate placeholder for ’numeric’ fields.\

Reference

http://drupal.org/node/280571 http://secunia.com/advisories/31079 http://www.openwall.com/lists/oss-security/2008/07/10/3 http://www.securityfocus.com/bid/30168 https://bugzilla.redhat.com/show_bug.cgi?id=454849 https://exchange.xforce.ibmcloud.com/vulnerabilities/43705 https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00016.html https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00527.html https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00551.html