Categories

Applications (282)
Blogs (7)
Content Management (190)
Customer Relationship (4)
Discussion Boards (41)
E-Commerce (15)
General Purpose Directories (2)
Image Galleries (21)
Mailing Lists (1)
Tips (3)
Vulnerabilities (393)
Access Bypass (64)
Cross Site Scripting (147)
Denial Of Service (2)
File Inclusion (55)
Information Disclosure (15)
Privilege Escalation (3)
Remote Command Execution (18)
Session Hijacking (2)
SQL Injection (150)
« Drupal Tinytax taxonomy block Script Insertion
Moodle KSES HTML Filter Bypass »

Drupal Taxonomy Autotagger SQL Injection and Script Insertion

Published by TL Guan July 17th, 2008 in Content Management, Cross Site Scripting and SQL Injection.

Application: Drupal
Affected Version: prior to 5.x-1.8
Vendor’s URL: Drupal Taxonomy Autotagger
Bug Type: SQL Injection and Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 5.x-1.8.
http://drupal.org/node/277684

Subscribe

Latest

Archives



Valid XHTML 1.0 Transitional