Vulnerabilities > Drupal > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | TAGS | RISK |
|---|---|---|---|---|---|---|---|
| 2012-06-27 | CVE-2012-2730 | Permissions, Privileges, and Access Controls vulnerability in Alexis Wilke Protected Node | The Protected Node module 6.x-1.x before 6.x-1.6 for Drupal does not properly "protect node access when nodes are accessed outside of the standard node view," which allows remote attackers to bypass intended access restrictions. | network | low complexity | alexis-wilke drupal CWE-264 | 7.5 |
| 2012-06-21 | CVE-2012-2718 | SQL Injection vulnerability in Drupal-Id Counter Module 6.0 | SQL injection vulnerability in the Counter module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "recording visits." | network | low complexity | drupal-id drupal CWE-89 | 7.5 |
| 2012-02-17 | CVE-2011-4113 | SQL Injection vulnerability in Earl Miles Views | SQL injection vulnerability in the Views module before 6.x-2.13 for Drupal allows remote attackers to execute arbitrary SQL commands via vectors related to "filters/arguments on certain types of views with specific configurations of arguments." | network | low complexity | earl-miles drupal CWE-89 | 7.5 |
| 2011-07-27 | CVE-2011-2687 | Permissions, Privileges, and Access Controls vulnerability in Drupal 7.0/7.1/7.2 | Drupal 7.x before 7.3 allows remote attackers to bypass intended node_access restrictions via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table. | network | low complexity | drupal CWE-264 | 7.5 |
| 2011-04-10 | CVE-2011-1663 | SQL Injection vulnerability in Icanlocalize Translation Management | SQL injection vulnerability in the Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | network | low complexity | icanlocalize drupal CWE-89 | 7.5 |
| 2010-09-16 | CVE-2010-3423 | SQL Injection vulnerability in Freka YR Verdata | SQL injection vulnerability in the Yr Weatherdata module for Drupal 6.x before 6.x-1.6 allows remote attackers to execute arbitrary SQL commands via the sorting method. | network | low complexity | freka drupal CWE-89 | 7.5 |
| 2009-12-11 | CVE-2009-4296 | SQL Injection vulnerability in Brian Miller Taxonomy Timer | SQL injection vulnerability in the Taxonomy Timer module 5.x-1.8 and earlier and 6.x-alpha1 and earlier for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | network | low complexity | brian-miller drupal CWE-89 | 7.5 |
| 2009-11-20 | CVE-2009-4044 | Permissions, Privileges, and Access Controls vulnerability in Bruno Massa web Services 6.X1.0 | The Web Services module 6.x for Drupal does not perform the expected access control, which allows remote attackers to make unspecified use of an API via unknown vectors. | network | low complexity | bruno-massa drupal CWE-264 | 7.5 |
| 2009-10-26 | CVE-2009-3778 | SQL Injection vulnerability in Adam Gerson Moodle Courselist 6.X1.2 | SQL injection vulnerability in Moodle Course List 6.x before 6.x-1.2, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | network | low complexity | adam-gerson drupal CWE-89 | 7.5 |
| 2009-08-06 | CVE-2008-6910 | Cryptographic Issues vulnerability in Marc Ingram Services | Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not use timeouts for signed requests, which allows remote attackers to impersonate other users and gain privileges via a replay attack that sends the same request. | network | low complexity | drupal marc-ingram CWE-310 | 7.5 |