Vulnerabilities > Drupal > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2007-12-10 | CVE-2007-6299 | Improper Input Validation vulnerability in Drupal | Multiple SQL injection vulnerabilities in Drupal and vbDrupal 4.7.x before 4.7.9 and 5.x before 5.4 allow remote attackers to execute arbitrary SQL commands via modules that pass input to the taxonomy_select_nodes function, as demonstrated by the (1) taxonomy_menu, (2) ajaxLoader, and (3) ubrowser contributed modules. | 7.5 |
2007-07-11 | CVE-2007-3690 | Security Bypass vulnerability in Drupal | The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments. | 7.8 |
2007-07-11 | CVE-2007-3689 | Security Bypass vulnerability in Drupal | The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments. | 7.8 |
2007-04-22 | CVE-2007-2160 | Cross-Site Request Forgery vulnerability in Drupal Database Administration Module 4.6/4.7 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Database Administration (dba) module 4.6.x-*, and before 4.7.x-1.2 in the 4.7.x-1.* series, for Drupal allow remote attackers to perform unauthorized actions as an arbitrary user, a related issue to CVE-2006-5476. | 7.5 |
2007-02-21 | CVE-2007-1035 | Remote Command Execution vulnerability in Drupal Audio And MediaField Modules GetID3 | Unspecified vulnerability in certain demonstration scripts in getID3 1.7.1, as used in the Mediafield and Audio modules for Drupal, allows remote attackers to read and delete arbitrary files, list arbitrary directories, and write to empty files or .mp3 files via unknown vectors. | 7.5 |
2007-02-21 | CVE-2007-1033 | Security Bypass vulnerability in Drupal Secure Site Module 4.7/5.0 | Unspecified vulnerability in the Secure site 4.7.x-1.x-dev and 5.x-1.x-dev module for Drupal allows remote attackers to bypass access restrictions via a crafted URL. | 7.5 |
2007-01-26 | CVE-2007-0505 | Multiple vulnerability in Drupal Project and Project Issues Tracking Modules | Unrestricted file upload vulnerability in the Project issue tracking 4.7.0 through 5.x before 20070123, a module for Drupal, allows remote authenticated users to execute arbitrary code by attaching a file with executable or multiple extensions to a project issue. | 8.5 |
2006-12-14 | CVE-2006-6530 | SQL-Injection vulnerability in Help Tip Module | SQL injection vulnerability in the Help Tip module before 4.7.x-1.0 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2006-12-14 | CVE-2006-6529 | Information Disclosure vulnerability in Drupal Chatroom Module 4.7 | The Chatroom Module before 4.7.x.-1.0 for Drupal displays private messages in a chatroom's last messages overview, which allows remote attackers to obtain sensitive information by reading the overview. | 7.5 |
2006-12-14 | CVE-2006-6528 | Remote Security vulnerability in Chatroom Module | The Chatroom Module before 4.7.x.-1.0 for Drupal broadcasts Chatroom visitors' session IDs to all participants, which allows remote attackers to hijack sessions and gain privileges. | 7.5 |