Weakness Name | Source | |
---|---|---|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Metrics | Score | Severity | CVSS Vector | Source |
---|---|---|---|---|
V2 | 6 | AV:N/AC:M/Au:S/C:P/I:P/A:P | nvd@nist.gov |
Drupal>>Storm >> Version 5.x-1.1
Drupal>>Storm >> Version 5.x-1.2
Drupal>>Storm >> Version 5.x-1.3
Drupal>>Storm >> Version 5.x-1.4
Drupal>>Storm >> Version 5.x-1.5
Drupal>>Storm >> Version 5.x-1.6
Drupal>>Storm >> Version 5.x-1.7
Drupal>>Storm >> Version 5.x-1.8
Drupal>>Storm >> Version 5.x-1.9
Drupal>>Storm >> Version 5.x-1.10
Drupal>>Storm >> Version 5.x-1.11
Drupal>>Storm >> Version 5.x-1.12
Drupal>>Storm >> Version 5.x-1.13
Drupal>>Storm >> Version 5.x-1.x-dev
Drupal>>Storm >> Version 6.x-1.0
Drupal>>Storm >> Version 6.x-1.1
Drupal>>Storm >> Version 6.x-1.2
Drupal>>Storm >> Version 6.x-1.3
Drupal>>Storm >> Version 6.x-1.4
Drupal>>Storm >> Version 6.x-1.5
Drupal>>Storm >> Version 6.x-1.6
Drupal>>Storm >> Version 6.x-1.7
Drupal>>Storm >> Version 6.x-1.8
Drupal>>Storm >> Version 6.x-1.9
Drupal>>Storm >> Version 6.x-1.10
Drupal>>Storm >> Version 6.x-1.11
Drupal>>Storm >> Version 6.x-1.12
Drupal>>Storm >> Version 6.x-1.13
Drupal>>Storm >> Version 6.x-1.14
Drupal>>Storm >> Version 6.x-1.15
Drupal>>Storm >> Version 6.x-1.16
Drupal>>Storm >> Version 6.x-1.17
Drupal>>Storm >> Version 6.x-1.x-dev
Drupal>>Drupal >> Version *