CVE-2008-4148

SQL injection vulnerability in the Mailhandler module 5.x before 5.x-1.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to composing queries without using the Drupal database API.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
VendorProductVersion
drupalmailhandler
𝑥
≤ 5.x-1.3
drupalmailhandler
𝑥
≤ 6.x-1.3
drupalmailhandler
5.x-1.0:x
drupalmailhandler
5.x-1.1:x
drupalmailhandler
5.x-1.2:x
drupalmailhandler
5.x-1.x-dev:x
drupalmailhandler
6.x-1.0:x
drupalmailhandler
6.x-1.1:x
drupalmailhandler
6.x-1.2:x
drupalmailhandler
6.x-1.x-dev:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://drupal.org/node/309769
http://secunia.com/advisories/31877
http://www.securityfocus.com/bid/31230
http://www.vupen.com/english/advisories/2008/2616
https://exchange.xforce.ibmcloud.com/vulnerabilities/45216
http://drupal.org/node/309769
http://secunia.com/advisories/31877
http://www.securityfocus.com/bid/31230
http://www.vupen.com/english/advisories/2008/2616
https://exchange.xforce.ibmcloud.com/vulnerabilities/45216