Patch for Drupal
Announcements: posted by Victor Martinez on Friday, December 07, 2007, @12:16PM
A patch to the Drupal core...
http://drupal.org/node/198162

SA-2007-031 - Drupal core - SQL Injection possible when certain contributed modules are enabled
Security announcements
Heine - December 5, 2007 - 20:38

* Advisory ID: DRUPAL-SA-2007-031
* Project: Drupal core
* Version: 4.7.x, 5.x
* Date: 2007-December-05
* Security risk: Moderately critical
* Exploitable from: Remote
* Vulnerability: SQL Injection

Description

The function taxonomy_select_nodes() directly injects variables into SQL queries instead of using placeholders. While taxonomy module itself validates the input passed to taxonomy_select_nodes(), this is a weakness in Drupal core. Several contributed modules, such as taxonomy_menu, ajaxLoader, and ubrowser, directly pass user input to taxonomy_select_nodes(), enabling SQL injection attacks by anonymous users.

To learn more about SQL injection, please read this article.
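The fix the advisory describes is to stop splicing term ids into the SQL text and bind them through placeholders instead. The following is an added illustration, not Drupal's own code: a Python/sqlite3 stand-in for taxonomy_select_nodes() over a constructed, simplified term_node(tid, nid) table, which validates every tid as an integer and generates one placeholder per value, including for the variable-length IN (...) list and the "and" operator.

```python
import sqlite3

# Constructed sample data: a simplified version of Drupal's term_node table
# mapping taxonomy term ids (tid) to node ids (nid). Not real site data.
SAMPLE_TERM_NODE = [(1, 10), (1, 11), (2, 11), (2, 12), (3, 13)]


def make_db():
    """Create an in-memory database holding the constructed sample table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE term_node (tid INTEGER, nid INTEGER)")
    conn.executemany("INSERT INTO term_node VALUES (?, ?)", SAMPLE_TERM_NODE)
    return conn


def taxonomy_select_nodes(conn, tids, operator="or"):
    """Return the node ids tagged with the given term ids.

    Hardened equivalent of the pattern the advisory describes: the original
    function built the SQL text from the tids it was handed, so any caller
    that forwarded raw request input made the query injectable. Here every
    tid is forced to an integer first and then bound through a placeholder,
    so caller-controlled data never becomes part of the SQL text.
    """
    if not tids:
        return []
    try:
        clean = [int(t) for t in tids]  # rejects anything that is not a number
    except (TypeError, ValueError):
        raise ValueError("term ids must be integers")
    marks = ",".join("?" * len(clean))  # one '?' per value, never the value itself
    if operator == "and":
        # A node must carry every requested term: count its distinct matches.
        sql = ("SELECT nid FROM term_node WHERE tid IN (%s) "
               "GROUP BY nid HAVING COUNT(DISTINCT tid) = ? ORDER BY nid" % marks)
        params = clean + [len(set(clean))]
    else:
        sql = "SELECT DISTINCT nid FROM term_node WHERE tid IN (%s) ORDER BY nid" % marks
        params = clean
    return [row[0] for row in conn.execute(sql, params)]
```

Contributed modules that pass request parameters straight through still benefit from the integer check, because a non-numeric value is refused before any query is built.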
Versions affected

* Drupal 4.7.x before Drupal 4.7.9
* Drupal 5.x before Drupal 5.4

Solution

Install the latest version:

* If you are running Drupal 4.7.x then upgrade to Drupal 4.7.9.
* If you are running Drupal 5.x then upgrade to Drupal 5.4.

If you are unable to upgrade immediately, you can apply a patch to secure your installation until you are able to do a proper upgrade.

* To patch Drupal 4.7.8 use SA-2007-031-4.7.8.patch.
* To patch Drupal 5.3 use SA-2007-031-5.3.patch.

Reported by

* Nadid Skywalker
* Ivan Sergio Borgonovo

