SQL injection vulnerability in the Yr Weatherdata module for Drupal 6.x before 6.x-1.6 allows remote attackers to execute arbitrary SQL commands via the sorting method.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freka | yr_verdata | 6.x-1.5 |
| freka | yr_verdata | 6.x-1.4 |
| freka | yr_verdata | 6.x-1.0 |
| freka | yr_verdata | 6.x-1.1 |