Vulnerabilities > CVE-2007-0507 - SQL Injection vulnerability in Drupal Acidfree 4.61.0/4.71.0

047910
CVSS 6.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
drupal

Summary

SQL injection vulnerability in the Acidfree module for Drupal before 4.6.x-1.0, and before 4.7.x-1.0 in the 4.7 series, allows remote authenticated users with "create acidfree albums" privileges to execute arbitrary SQL commands via node titles.

Vulnerable Configurations

Part Description Count
Application
Drupal
2