SQL Injection Vulnerability in Date Module for Drupal

SQL Injection Vulnerability in Date Module for Drupal

CVE-2012-1626 · MEDIUM Severity

AV:N/AC:M/AU:S/C:P/I:P/A:P

SQL injection vulnerability in the conversion form for Events in the Date module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer Date Tools" privilege to execute arbitrary SQL commands via unspecified vectors.

Learn more about our User Device Pen Test.