What is the severity of CVE-2009-1505?

CVE-2009-1505 has been assigned a moderate severity rating due to the potential for remote code execution via SQL injection.

How do I fix CVE-2009-1505?

To fix CVE-2009-1505, update the News Page module to version 5.x-1.2 or later.

Who is affected by CVE-2009-1505?

CVE-2009-1505 affects remote authenticated users with create and edit privileges on News Page nodes in Drupal.

What is the impact of CVE-2009-1505?

The impact of CVE-2009-1505 allows attackers to execute arbitrary SQL commands, potentially compromising the database.

Is CVE-2009-1505 a critical vulnerability?

CVE-2009-1505 is not classified as critical, but it poses a significant risk if exploited by authenticated users.

Vulnerability/
CVE-2009-1505

medium

6.5

CWE

1/5/2009

7/8/2024

CVE-2009-1505: SQL Injection

First published: Fri May 01 2009(Updated: )

SQL injection vulnerability in the News Page module 5.x before 5.x-1.2 for Drupal allows remote authenticated users, with News Page nodes create and edit privileges, to execute arbitrary SQL commands via the Include Words (aka keywords) field.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Drupal Drupal
Drupal News Page	=5.x-1.1
Drupal News Page	=5.x-1.x

Remedy

http://drupal.org/node/449014

Remedy

http://www.securityfocus.com/bid/34777

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-1505?
CVE-2009-1505 has been assigned a moderate severity rating due to the potential for remote code execution via SQL injection.
How do I fix CVE-2009-1505?
To fix CVE-2009-1505, update the News Page module to version 5.x-1.2 or later.
Who is affected by CVE-2009-1505?
CVE-2009-1505 affects remote authenticated users with create and edit privileges on News Page nodes in Drupal.
What is the impact of CVE-2009-1505?
The impact of CVE-2009-1505 allows attackers to execute arbitrary SQL commands, potentially compromising the database.
Is CVE-2009-1505 a critical vulnerability?
CVE-2009-1505 is not classified as critical, but it poses a significant risk if exploited by authenticated users.

collector/nvd-historical
collector/nvd-index
agent/references
agent/type
agent/softwarecombine
agent/remedy
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/weakness
agent/author
agent/description
agent/tags
agent/first-publish-date
agent/event
agent/source
vendor/drupal
canonical/drupal drupal
canonical/drupal news page
version/drupal news page/5.x-1.1
version/drupal news page/5.x-1.x

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2009-1505?
CVE-2009-1505 has been assigned a moderate severity rating due to the potential for remote code execution via SQL injection.
How do I fix CVE-2009-1505?
To fix CVE-2009-1505, update the News Page module to version 5.x-1.2 or later.
Who is affected by CVE-2009-1505?
CVE-2009-1505 affects remote authenticated users with create and edit privileges on News Page nodes in Drupal.
What is the impact of CVE-2009-1505?
The impact of CVE-2009-1505 allows attackers to execute arbitrary SQL commands, potentially compromising the database.
Is CVE-2009-1505 a critical vulnerability?
CVE-2009-1505 is not classified as critical, but it poses a significant risk if exploited by authenticated users.