Drupal : “Date” module SQL Injection

January 11, 2012 By

source
 Version/Dependency
 Developer Link
 Severity
Information At A Glance
  
drupal.org/node/1401434
   Date Mod 6.x-2.x versions prior to 6.x-2.8 drupal.org/node/1401026
 Moderately Critical

 

 

 

 

Summary:

The attacker must have specific a specific role to "administer Data Tools". Please see the listed SOURCE page for more information.
 

What do I do to fix this?

Upgrade to the latest version. Which can be found here.

 

Reported by: Greg Knaddison

Filed Under: CMS, Drupal, Latest SalvusAlerts Tagged With: ,