cve-2011-4113
Vulnerability from cvelistv5
Published
2012-02-17 23:00
Modified
2024-08-07 00:01
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Views module before 6.x-2.13 for Drupal allows remote attackers to execute arbitrary SQL commands via vectors related to "filters/arguments on certain types of views with specific configurations of arguments."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:01:50.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20111104 Re: CVE Request -- Drupal (v6.x based) Views module - SQL injection due improper escaping of database parameters for certain filters / arguments (SA-CONTRIB-2011-052)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/11/04/3"
},
{
"name": "views-filters-sql-injection(71124)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71124"
},
{
"name": "50500",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/50500"
},
{
"name": "FEDORA-2011-15399",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069499.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupal.org/node/1329898"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1329842"
},
{
"name": "76809",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/76809"
},
{
"name": "46680",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46680"
},
{
"name": "46962",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46962"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-11-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Views module before 6.x-2.13 for Drupal allows remote attackers to execute arbitrary SQL commands via vectors related to \"filters/arguments on certain types of views with specific configurations of arguments.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20111104 Re: CVE Request -- Drupal (v6.x based) Views module - SQL injection due improper escaping of database parameters for certain filters / arguments (SA-CONTRIB-2011-052)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/11/04/3"
},
{
"name": "views-filters-sql-injection(71124)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71124"
},
{
"name": "50500",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/50500"
},
{
"name": "FEDORA-2011-15399",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069499.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupal.org/node/1329898"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1329842"
},
{
"name": "76809",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/76809"
},
{
"name": "46680",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46680"
},
{
"name": "46962",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46962"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4113",
"datePublished": "2012-02-17T23:00:00",
"dateReserved": "2011-10-18T00:00:00",
"dateUpdated": "2024-08-07T00:01:50.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2011-4113\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2012-02-17T23:55:01.823\",\"lastModified\":\"2017-08-29T01:30:27.583\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"SQL injection vulnerability in the Views module before 6.x-2.13 for Drupal allows remote attackers to execute arbitrary SQL commands via vectors related to \\\"filters/arguments on certain types of views with specific configurations of arguments.\\\"\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de inyecci\u00f3n SQL en el m\u00f3dulo Views antes de v6.x-2.13 para Drupal permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de vectores relacionados con \\\"filtros o argumentos en ciertos tipos de vistas con configuraciones espec\u00edficas de los argumentos.\\\"\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":7.5},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.x-2.12\",\"matchCriteriaId\":\"9BBFBA5D-3044-4118-8D73-DA6D768288C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:4.7.x-1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6E7BCFD-99B1-4180-9A8F-A544F7C7F40B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:4.7.x-1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5123C1EA-4795-4979-89DB-BC0920E6AAD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:4.7.x-1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89A32A9D-E9B0-44E0-809D-E8EF8D82B388\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:4.7.x-1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"213AC1A6-86AC-42CC-9F09-59C2CAB20427\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:4.7.x-1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26781FC3-79A3-41B2-8EDE-C3FA3EE259DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:4.7.x-1.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEF36306-6820-4356-85D0-1F44942F6C3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:4.7.x-1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F45DE2C2-DBB4-4DFD-909F-FBE579FE3683\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:4.7.x-1.6:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"90AF5208-93A6-4184-93AA-DB2C18366166\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:4.7.x-1.6:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4F44533-BB65-4F2F-B6B5-1425372E45A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:4.7.x-1.6:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA146854-A9D1-4C50-879B-8824161B9569\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:4.7.x-1.6:beta5:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AEFA40F-157B-4269-8135-9502D71066CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:4.7.x-1.x:dev:*:*:*:*:*:*\",\"matchCriteriaId\":\"3453B768-E5E1-4E2B-8EA6-679E5B8C778F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:4.7.x1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E23FDC7F-D160-4682-A663-9A8809E5B96D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:5.x-1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34AB17C2-9DBD-49D8-8EBF-208A902B7176\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:5.x-1.1:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2205109-F701-43DC-94DB-73C28C75A1CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:5.x-1.2:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6DD2298-F066-449C-B9D9-46817A9AECAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:5.x-1.3:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"93681FAF-B82F-46CF-9F50-E42CC5EF1D4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:5.x-1.4:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F29B9BE4-BC58-4E92-8ECE-A46CBE549767\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:5.x-1.4-2:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4127642-AFFD-4784-9BFC-3108019E0C69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:5.x-1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27258111-CF8D-4C7B-B5AF-31D9056B510C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:5.x-1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59F6409C-1FE4-4B37-A753-5292BB509ED4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:5.x-1.6:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"3144F972-7CAD-4C64-97AE-B11DAD51B2A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:5.x-1.6:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"04271939-48BF-4A0C-9914-8CAD3A25BCD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:5.x-1.6:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2CC27B6-7917-46A7-B5F2-7B89412612F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:5.x-1.6:beta4:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCC39B79-DAC0-44CF-A6D5-98D2CA256E79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:5.x-1.6:beta5:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C1453D3-A2EB-4953-8B97-8379924533EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:5.x-1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C00DB21E-4BAC-4036-BA2C-370B90C5483C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:5.x-1.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB9595EC-4A80-423F-9F8A-BD2A98E1DB39\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:5.x-1.x:dev:*:*:*:*:*:*\",\"matchCriteriaId\":\"70392018-B2C4-4925-A102-82FFBD387F02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:6.x-2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"723CC4D3-D399-4880-8481-60F3FEF1FFE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:6.x-2.0:alpha1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5D8158B-BF12-463D-B410-552EDBC79B5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:6.x-2.0:alpha2:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7DEF719-AD09-44E3-9737-6AF57CADF00A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:6.x-2.0:alpha3:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA3B844E-78F5-4F7E-9D2D-D08FF1242C74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:6.x-2.0:alpha4:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF58ED93-F893-4211-BC53-BD94A2EF279C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:6.x-2.0:alpha5:*:*:*:*:*:*\",\"matchCriteriaId\":\"F88C9C62-313C-4718-B62A-F1D9E8123F78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:6.x-2.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A46A7210-26A5-4DA7-9E95-C133765C3BEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:6.x-2.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF777569-5908-4A77-8514-00AFBAF2C997\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:6.x-2.0:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C14B6F5B-27B5-4F3D-8C59-681AB65432F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:6.x-2.0:beta4:*:*:*:*:*:*\",\"matchCriteriaId\":\"9865BBC0-C8DC-4DD0-9830-20F5084B972E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:6.x-2.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"20BBDDF8-1F27-4978-970C-B5EC4EC8FD76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:6.x-2.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"35A0AB0B-7C1A-408E-AF66-E85238D12000\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:6.x-2.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"241074B2-9049-4E4F-88FD-E1C0C4412237\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:6.x-2.0:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"B437A087-BB90-4095-8752-CA5F974903FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:6.x-2.0:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC0F3172-467B-47B3-808B-083672889C93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:6.x-2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A01CB62-C863-4C9B-806A-4E45A69105C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:6.x-2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47BD9BBC-E6B3-4D93-8925-3A618199A438\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:6.x-2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39CC1184-1228-4A99-B9FC-BD26F0E5B9AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:6.x-2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7238F706-ED76-4126-A14A-F63D3B5E8041\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:6.x-2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD82720C-B0E4-4EFE-916E-01F2373FA223\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:6.x-2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5833EF80-9FCD-484E-9D15-54113E2644AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:6.x-2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E017E0E-64B4-4347-BBA8-AA23513CB46A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:6.x-2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6152FFF1-8E7D-4A3A-9235-A97CB0AA6E8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:6.x-2.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F83D0DF-132D-463A-B6F7-5804038BAB7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:6.x-2.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"546BE182-8B9F-4249-A489-36E5AEF80905\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:6.x-2.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"299337E9-E341-422B-AA11-592F440CA3FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:earl_miles:views:6.x-2.x:dev:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CE30269-9E83-4085-A286-3AAC79402776\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"799CA80B-F3FA-4183-A791-2071A7DA1E54\"}]}]}],\"references\":[{\"url\":\"http://drupal.org/node/1329842\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://drupal.org/node/1329898\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069499.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/46680\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/46962\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2011/11/04/3\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.osvdb.org/76809\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/50500\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/71124\",\"source\":\"secalert@redhat.com\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.