By Gerhard Killesreiter on
- Advisory ID: DRUPAL-SA-2006-012
- Project: Job Search
- Date: 2006-Aug-07
- Security risk: highly critical
- Exploitable from: remote
- Vulnerability: SQL injection
Description
It is possible for a malicious user to inject SQL while searching for jobs or resumes using the Job Search module.
Versions affected
Please check the CVS $Id$ field in the file job.module to determine whether the version you are running is vulnerable. All 4.6 versions older than the following are vulnerable:
// $Id: job.module,v 1.3.2.1 2006/08/01 03:49:12 kbahey Exp $
Drupal core is not affected. If you do not use the Job Search module, or only use the 4.7 version, there is nothing you need to do.
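One way to automate the check described above, as an added example that is not part of the original advisory or the Job Search project: it reads the $Id$ keyword from job.module and compares the CVS revision with the fixed revision 1.3.2.1. It assumes the file comes from a 4.6 install and that trunk revisions up to the branch point 1.3 count as older versions; the function names and the "vulnerable" sample line are constructed for illustration.

```python
import re
import sys

# Fixed 4.6 revision, taken from the $Id$ line quoted in the advisory.
FIXED_REV = (1, 3, 2, 1)
ID_RE = re.compile(r"\$Id: job\.module,v (\d+(?:\.\d+)+) ")

# Sample header lines: the first is the advisory's, the second is constructed.
SAMPLES = {
    "advisory": "// $Id: job.module,v 1.3.2.1 2006/08/01 03:49:12 kbahey Exp $",
    "constructed": "// $Id: job.module,v 1.3 2006/01/01 00:00:00 example Exp $",
}


def parse_revision(source):
    """Return the CVS revision from the $Id$ keyword as a tuple of ints, or None."""
    m = ID_RE.search(source)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def classify(source):
    """Classify job.module text, assuming it comes from a 4.6 install."""
    rev = parse_revision(source)
    if rev is None:
        return "unknown"  # keyword missing or never expanded ("$Id$")
    if rev[:-1] == FIXED_REV[:-1]:
        # Same CVS branch (1.3.2.x): compare the last component only.
        return "fixed" if rev[-1] >= FIXED_REV[-1] else "vulnerable"
    if len(rev) == 2 and rev <= FIXED_REV[:2]:
        # Trunk revision at or before the branch point 1.3 (assumption:
        # these are the older versions the advisory refers to).
        return "vulnerable"
    return "unknown"  # other branch or later trunk: check by hand


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            print(sys.argv[1], classify(fh.read()))
    else:
        for name, line in SAMPLES.items():
            print(name, classify(line))
```

Run it with the path to job.module as its only argument; a result of "unknown" means the revision is not on the lineage this check covers and the file should be compared by hand.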
Solution
Install the latest release of Job Search.
Reported by
dotan.
Contact
The security contact for Drupal can be reached at security at drupal.org or using the form at http://drupal.org/contact.