News Page

DATE	CVE	VULNERABILITY TITLE	RISK
2009-05-01	CVE-2009-1505	SQL Injection vulnerability in Drupal News Page 5.X1.1/5.X1.X SQL injection vulnerability in the News Page module 5.x before 5.x-1.2 for Drupal allows remote authenticated users, with News Page nodes create and edit privileges, to execute arbitrary SQL commands via the Include Words (aka keywords) field. network low complexity drupal CWE-89	6.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.