All the vulnerabilities related to drupal - views
cve-2008-6020
Vulnerability from cvelistv5
Published
2009-02-02 21:29
Modified
2024-08-07 11:13
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Views module 6.x before 6.x-2.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "an exposed filter on CCK text fields."
References
| URL | Tags |
|---|---|
| http://drupal.org/node/348321 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/32895 | vdb-entry, x_refsource_BID |
| http://secunia.com/advisories/33225 | third-party-advisory, x_refsource_SECUNIA |
| http://osvdb.org/50795 | vdb-entry, x_refsource_OSVDB |
| https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01024.html | vendor-advisory, x_refsource_FEDORA |
| http://secunia.com/advisories/33289 | third-party-advisory, x_refsource_SECUNIA |
| http://drupal.org/node/347831 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/47454 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T11:13:13.996Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://drupal.org/node/348321" }, { "name": "32895", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/32895" }, { "name": "33225", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33225" }, { "name": "50795", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/50795" }, { "name": "FEDORA-2008-11519", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01024.html" }, { "name": "33289", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33289" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://drupal.org/node/347831" }, { "name": "views-cck-sql-injection(47454)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47454" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-12-16T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in the Views module 6.x before 6.x-2.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to \"an exposed filter on CCK text fields.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { 
"tags": [ "x_refsource_CONFIRM" ], "url": "http://drupal.org/node/348321" }, { "name": "32895", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/32895" }, { "name": "33225", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33225" }, { "name": "50795", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/50795" }, { "name": "FEDORA-2008-11519", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01024.html" }, { "name": "33289", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33289" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://drupal.org/node/347831" }, { "name": "views-cck-sql-injection(47454)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47454" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-6020", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in the Views module 6.x before 6.x-2.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to \"an exposed filter on CCK text fields.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://drupal.org/node/348321", "refsource": "CONFIRM", "url": "http://drupal.org/node/348321" }, { "name": "32895", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32895" }, { "name": "33225", "refsource": 
"SECUNIA", "url": "http://secunia.com/advisories/33225" }, { "name": "50795", "refsource": "OSVDB", "url": "http://osvdb.org/50795" }, { "name": "FEDORA-2008-11519", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01024.html" }, { "name": "33289", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33289" }, { "name": "http://drupal.org/node/347831", "refsource": "CONFIRM", "url": "http://drupal.org/node/347831" }, { "name": "views-cck-sql-injection(47454)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47454" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-6020", "datePublished": "2009-02-02T21:29:00", "dateReserved": "2009-02-02T00:00:00", "dateUpdated": "2024-08-07T11:13:13.996Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-2076
Vulnerability from cvelistv5
Published
2009-06-16 19:00
Modified
2024-09-16 22:41
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Views 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via (1) exposed filters in the Views UI administrative interface and in the (2) view name parameter in the define custom views feature. NOTE: vector 2 is only exploitable by users with administer views permissions.
References
| URL | Tags |
|---|---|
| http://lampsecurity.org/drupal-views-xss-vulnerability | x_refsource_MISC |
| http://drupal.org/node/488082 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/35304 | vdb-entry, x_refsource_BID |
| http://secunia.com/advisories/35425 | third-party-advisory, x_refsource_SECUNIA |
| http://drupal.org/node/488068 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:36:20.982Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://lampsecurity.org/drupal-views-xss-vulnerability" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://drupal.org/node/488082" }, { "name": "35304", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35304" }, { "name": "35425", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35425" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://drupal.org/node/488068" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Views 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via (1) exposed filters in the Views UI administrative interface and in the (2) view name parameter in the define custom views feature. NOTE: vector 2 is only exploitable by users with administer views permissions." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-06-16T19:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://lampsecurity.org/drupal-views-xss-vulnerability" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://drupal.org/node/488082" }, { "name": "35304", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35304" }, { "name": "35425", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35425" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://drupal.org/node/488068" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2076", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Views 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via (1) exposed filters in the Views UI administrative interface and in the (2) view name parameter in the define custom views feature. NOTE: vector 2 is only exploitable by users with administer views permissions." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://lampsecurity.org/drupal-views-xss-vulnerability", "refsource": "MISC", "url": "http://lampsecurity.org/drupal-views-xss-vulnerability" }, { "name": "http://drupal.org/node/488082", "refsource": "CONFIRM", "url": "http://drupal.org/node/488082" }, { "name": "35304", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35304" }, { "name": "35425", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35425" }, { "name": "http://drupal.org/node/488068", "refsource": "CONFIRM", "url": "http://drupal.org/node/488068" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2076", "datePublished": "2009-06-16T19:00:00Z", "dateReserved": "2009-06-16T00:00:00Z", "dateUpdated": "2024-09-16T22:41:14.732Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd (CVE-2009-2076)
Published
2009-06-16 19:30
Modified
2024-11-21 01:04
Severity: LOW (CVSS v2.0 base score 3.5, vector AV:N/AC:M/Au:S/C:N/I:P/A:N, per the NVD record below)
Summary
Cross-site scripting (XSS) vulnerability in Views 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via (1) exposed filters in the Views UI administrative interface and in the (2) view name parameter in the define custom views feature. NOTE: vector 2 is only exploitable by users with administer views permissions.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:drupal:views:6.x-2.0:*:*:*:*:*:*:*", "matchCriteriaId": "AB48B703-BFDC-4BC2-AADB-1D5877BD6F79", "vulnerable": true }, { "criteria": "cpe:2.3:a:drupal:views:6.x-2.1:*:*:*:*:*:*:*", "matchCriteriaId": "9D4CAFA5-CB7B-475B-9278-2C5576934FE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:drupal:views:6.x-2.2:*:*:*:*:*:*:*", "matchCriteriaId": "258F8CAF-E1A5-43D8-B515-4C5A5E541CC5", "vulnerable": true }, { "criteria": "cpe:2.3:a:drupal:views:6.x-2.3:*:*:*:*:*:*:*", "matchCriteriaId": "E67C9A56-E67D-4517-8956-4354D62A506B", "vulnerable": true }, { "criteria": "cpe:2.3:a:drupal:views:6.x-2.4:*:*:*:*:*:*:*", "matchCriteriaId": "8E28C97B-E461-4CC7-9751-EBF46B93F84F", "vulnerable": true }, { "criteria": "cpe:2.3:a:drupal:views:6.x-2.5:*:*:*:*:*:*:*", "matchCriteriaId": "CBA2AF1A-C62A-4AEB-8704-E9671C9285E5", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Views 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via (1) exposed filters in the Views UI administrative interface and in the (2) view name parameter in the define custom views feature. NOTE: vector 2 is only exploitable by users with administer views permissions." 
}, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Views v6.x anteriores a v6.x-2.6, un modulo de Drupal, permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrariamente a trav\u00e9s de (1) filtros que se muestran en la interfaz administrativa de usuario Views y el (2) par\u00e1metro \"view name\" en la caracter\u00edstica de personalizar vistas. NOTA: vector 2 es \u00fanicamente explotable por usuarios con permisos administrativos de vistas." } ], "id": "CVE-2009-2076", "lastModified": "2024-11-21T01:04:04.437", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-06-16T19:30:00.250", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://drupal.org/node/488068" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://drupal.org/node/488082" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "URL Repurposed" ], "url": "http://lampsecurity.org/drupal-views-xss-vulnerability" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35425" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/35304" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://drupal.org/node/488068" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"http://drupal.org/node/488082" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "URL Repurposed" ], "url": "http://lampsecurity.org/drupal-views-xss-vulnerability" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35425" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/35304" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2008-6020)
Published
2009-02-02 22:00
Modified
2024-11-21 00:55
Severity: HIGH (CVSS v2.0 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P, per the NVD record below)
Summary
SQL injection vulnerability in the Views module 6.x before 6.x-2.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "an exposed filter on CCK text fields."
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:drupal:views:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC2CE6D7-BD72-4864-9F9B-5ACE8DA2D50A", "versionEndIncluding": "6.x-2.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:drupal:views:6.x-2.0:*:*:*:*:*:*:*", "matchCriteriaId": "AB48B703-BFDC-4BC2-AADB-1D5877BD6F79", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in the Views module 6.x before 6.x-2.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to \"an exposed filter on CCK text fields.\"" }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en el m\u00f3dulo Views del gestor de contenidos Drupal en las versiones v6.x anteriores a la v6.x-2.2. Permite a los usuarios remotos ejecutar c\u00f3digo arbitrario SQL a trav\u00e9s de vectores de ataque desconocidos relacionados con un filtro vulnerable en los campos de texto CCK." 
} ], "id": "CVE-2008-6020", "lastModified": "2024-11-21T00:55:27.737", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-02-02T22:00:00.280", "references": [ { "source": "cve@mitre.org", "url": "http://drupal.org/node/347831" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://drupal.org/node/348321" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/50795" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/33225" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/33289" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/32895" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47454" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01024.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://drupal.org/node/347831" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://drupal.org/node/348321" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/50795" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/33225" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://secunia.com/advisories/33289" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/32895" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47454" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01024.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }