What is the severity of CVE-2015-6659?

CVE-2015-6659 is considered a critical vulnerability due to its potential to allow arbitrary SQL execution by remote attackers.

How do I fix CVE-2015-6659?

To fix CVE-2015-6659, update your Drupal installation to version 7.39 or later.

Which versions of Drupal are affected by CVE-2015-6659?

CVE-2015-6659 affects all versions of Drupal 7.x prior to 7.39.

What type of vulnerability is CVE-2015-6659?

CVE-2015-6659 is an SQL injection vulnerability within Drupal's Database API.

Can CVE-2015-6659 be exploited remotely?

Yes, CVE-2015-6659 can be exploited remotely by attackers without authentication.

Vulnerability/
CVE-2015-6659

high

7.5

CWE

24/8/2015

6/8/2024

CVE-2015-6659: SQL Injection

First published: Mon Aug 24 2015(Updated: 8 months ago)

SQL injection vulnerability in the SQL comment filtering system in the Database API in Drupal 7.x before 7.39 allows remote attackers to execute arbitrary SQL commands via an SQL comment.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Drupal	=7.0
Drupal	=7.0-alpha1
Drupal	=7.0-alpha2
Drupal	=7.0-alpha3
Drupal	=7.0-alpha4
Drupal	=7.0-alpha5
Drupal	=7.0-alpha6
Drupal	=7.0-alpha7
Drupal	=7.0-beta1
Drupal	=7.0-beta2
Drupal	=7.0-beta3
Drupal	=7.0-dev
Drupal	=7.0-rc1
Drupal	=7.0-rc2
Drupal	=7.0-rc3
Drupal	=7.0-rc4
Drupal	=7.1
Drupal	=7.2
Drupal	=7.3
Drupal	=7.4
Drupal	=7.5
Drupal	=7.6
Drupal	=7.7
Drupal	=7.8
Drupal	=7.9
Drupal	=7.10
Drupal	=7.11
Drupal	=7.12
Drupal	=7.13
Drupal	=7.14
Drupal	=7.15
Drupal	=7.16
Drupal	=7.17
Drupal	=7.18
Drupal	=7.19
Drupal	=7.20
Drupal	=7.21
Drupal	=7.22
Drupal	=7.23
Drupal	=7.24
Drupal	=7.25
Drupal	=7.26
Drupal	=7.27
Drupal	=7.28
Drupal	=7.29
Drupal	=7.30
Drupal	=7.33
Drupal	=7.34
Drupal	=7.35
Drupal	=7.36
Drupal	=7.37
Drupal	=7.38
Drupal	=7.x-dev

Remedy

https://www.drupal.org/SA-CORE-2015-003

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-6659?
CVE-2015-6659 is considered a critical vulnerability due to its potential to allow arbitrary SQL execution by remote attackers.
How do I fix CVE-2015-6659?
To fix CVE-2015-6659, update your Drupal installation to version 7.39 or later.
Which versions of Drupal are affected by CVE-2015-6659?
CVE-2015-6659 affects all versions of Drupal 7.x prior to 7.39.
What type of vulnerability is CVE-2015-6659?
CVE-2015-6659 is an SQL injection vulnerability within Drupal's Database API.
Can CVE-2015-6659 be exploited remotely?
Yes, CVE-2015-6659 can be exploited remotely by attackers without authentication.

agent/type
agent/references
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/remedy
agent/author
agent/severity
agent/weakness
agent/first-publish-date
agent/description
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/drupal
canonical/drupal
version/drupal/7.0
version/drupal/7.0-alpha1
version/drupal/7.0-alpha2
version/drupal/7.0-alpha3
version/drupal/7.0-alpha4
version/drupal/7.0-alpha5
version/drupal/7.0-alpha6
version/drupal/7.0-alpha7
version/drupal/7.0-beta1
version/drupal/7.0-beta2
version/drupal/7.0-beta3
version/drupal/7.0-dev
version/drupal/7.0-rc1
version/drupal/7.0-rc2
version/drupal/7.0-rc3
version/drupal/7.0-rc4
version/drupal/7.1
version/drupal/7.2
version/drupal/7.3
version/drupal/7.4
version/drupal/7.5
version/drupal/7.6
version/drupal/7.7
version/drupal/7.8
version/drupal/7.9
version/drupal/7.10
version/drupal/7.11
version/drupal/7.12
version/drupal/7.13
version/drupal/7.14
version/drupal/7.15
version/drupal/7.16
version/drupal/7.17
version/drupal/7.18
version/drupal/7.19
version/drupal/7.20
version/drupal/7.21
version/drupal/7.22
version/drupal/7.23
version/drupal/7.24
version/drupal/7.25
version/drupal/7.26
version/drupal/7.27
version/drupal/7.28
version/drupal/7.29
version/drupal/7.30
version/drupal/7.33
version/drupal/7.34
version/drupal/7.35
version/drupal/7.36
version/drupal/7.37
version/drupal/7.38
version/drupal/7.x-dev