FreeBSD : drupal -- SQL injection vulnerability (fa708908-a8c7-11dc-b41d-000fb5066b20)

This script is Copyright (C) 2007-2013 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing one or more security-related

Description :

The Drupal Project reports :

The function taxonomy_select_nodes() directly injects variables into
SQL queries instead of using placeholders. While taxonomy module
itself validates the input passed to taxonomy_select_nodes(), this is
a weakness in Drupal core. Several contributed modules, such as
taxonomy_menu, ajaxLoader, and ubrowser, directly pass user input to
taxonomy_select_nodes(), enabling SQL injection attacks by anonymous

See also :

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 29690 (freebsd_pkg_fa708908a8c711dcb41d000fb5066b20.nasl)

Bugtraq ID:

CVE ID: CVE-2007-6299
