CVE-2008-4148

EUVD-2008-4131
SQL injection vulnerability in the Mailhandler module 5.x before 5.x-1.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to composing queries without using the Drupal database API.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
Affected Products (NVD)
VendorProductVersion
drupalmailhandler
𝑥
≤ 5.x-1.3
drupalmailhandler
𝑥
≤ 6.x-1.3
drupalmailhandler
5.x-1.0:x
drupalmailhandler
5.x-1.1:x
drupalmailhandler
5.x-1.2:x
drupalmailhandler
5.x-1.x-dev:x
drupalmailhandler
6.x-1.0:x
drupalmailhandler
6.x-1.1:x
drupalmailhandler
6.x-1.2:x
drupalmailhandler
6.x-1.x-dev:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://drupal.org/node/309769
http://secunia.com/advisories/31877
http://www.securityfocus.com/bid/31230
http://www.vupen.com/english/advisories/2008/2616
https://exchange.xforce.ibmcloud.com/vulnerabilities/45216
http://drupal.org/node/309769
http://secunia.com/advisories/31877
http://www.securityfocus.com/bid/31230
http://www.vupen.com/english/advisories/2008/2616
https://exchange.xforce.ibmcloud.com/vulnerabilities/45216