Vulnerabilities > Drupal > Mailhandler > High

DATE CVE VULNERABILITY TITLE RISK
2008-09-24 CVE-2008-4148 SQL Injection vulnerability in Drupal Mailhandler
SQL injection vulnerability in the Mailhandler module 5.x before 5.x-1.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to composing queries without using the Drupal database API.
network
low complexity
drupal CWE-89
7.5