Vulnerabilities > Drupal > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2014-10-16 | CVE-2014-3704 | SQL Injection vulnerability in multiple products | The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys. | 7.5 |
2014-01-24 | CVE-2014-1475 | Multiple Security vulnerability in Drupal Core | The OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows remote OpenID users to authenticate as other users via unspecified vectors. | 7.5 |
2013-08-28 | CVE-2013-2247 | Permissions, Privileges, and Access Controls vulnerability in Fast Permissions Administration Project Fast Permission Administration | The Fast Permissions Administration module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to the modal content callback, which allows remote attackers to obtain unspecified access to the permissions edit form. | 7.5 |
2012-12-26 | CVE-2012-5590 | SQL Injection vulnerability in Scripthead Webmail Plus | SQL injection vulnerability in the Webmail Plus module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2012-12-03 | CVE-2012-5550 | SQL Injection vulnerability in Carlos Carvalhar Time Spent 6.X2.X/7.X2.X | SQL injection vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2012-11-30 | CVE-2012-4479 | SQL Injection vulnerability in David Alkire Drag & Drop Gallery 6.X1.5 | SQL injection vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2012-11-30 | CVE-2012-4470 | Permissions, Privileges, and Access Controls vulnerability in Philip Ludlam Listhandler 6.X1.0 | The Listhandler module 6.x-1.x before 6.x-1.1 for Drupal does not properly check permissions when importing emails, which allows remote comment authors to bypass access restrictions and possibly have other unspecified impact. | 7.5 |
2012-11-02 | CVE-2012-4498 | Permissions, Privileges, and Access Controls vulnerability in Morbus IFF Activism 6.X2.0/6.X2.X | The Activism module 6.x-2.x before 6.x-2.1 for Drupal does not properly restrict access to the "Campaign" content type, which might allow remote attackers to bypass access restrictions and possibly have other unspecified impact. | 7.5 |
2012-07-25 | CVE-2012-2306 | SQL Injection vulnerability in Drupal | SQL injection vulnerability in the Addressbook module for Drupal 6.x-4.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2012-07-18 | CVE-2012-2303 | Permissions, Privileges, and Access Controls vulnerability in Florian Weber Spaces | The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via unspecified vectors to the (1) Spaces or (2) Spaces OG module. | 7.5 |