6.x.2.0

DATE	CVE	VULNERABILITY TITLE	RISK
2012-09-20	CVE-2012-1626	SQL Injection vulnerability in Karen Stevenson Date SQL injection vulnerability in the conversion form for Events in the Date module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer Date Tools" privilege to execute arbitrary SQL commands via unspecified vectors. network drupal karen-stevenson CWE-89	6.0

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.