When the module builds the column expressions for the crosstab query, values read from the database are placed into the SQL without sufficient escaping, so a crafted stored value can change the meaning of the query (SQL injection). Update your copy of views_crosstab to a version created after this issue was fixed.
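The following is an added illustration of the vulnerability class the advisory describes, not code from views_crosstab and not a description of the module's actual query. It uses a constructed sqlite3 table named `sales` with `category` and `amount` columns (hypothetical names). A crosstab pivots one column expression per distinct stored value; when that value is interpolated as text, a hostile stored value rewrites the CASE condition. The hardened version binds the compared value as a parameter and quotes the alias as an identifier, so no stored value is ever parsed as SQL.

```python
import sqlite3

# Constructed sample rows (not from the advisory). The third category value is
# hostile: whoever could write that field controls part of the pivot query.
SAMPLE_ROWS = [
    ("books", 3),
    ("toys", 5),
    ("toys' OR '1'='1", 1),
]


def make_db():
    """Create an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE sales (category TEXT, amount INTEGER)")
    conn.executemany("INSERT INTO sales VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def distinct_categories(conn):
    """The stored values that become crosstab columns, in a stable order."""
    return [row[0] for row in conn.execute(
        "SELECT DISTINCT category FROM sales ORDER BY category")]


def crosstab_vulnerable(conn):
    """Vulnerable pattern: each stored value is pasted into the SQL text,
    both as the string literal in the CASE test and as the column alias."""
    cats = distinct_categories(conn)
    exprs = ", ".join(
        f"SUM(CASE WHEN category = '{c}' THEN amount ELSE 0 END) AS \"{c}\""
        for c in cats)
    # For the hostile row the condition becomes
    #   category = 'toys' OR '1'='1'   -> true for every row
    # so that column silently sums the whole table.
    cur = conn.execute(f"SELECT {exprs} FROM sales")
    return dict(zip(cats, cur.fetchone()))


def quote_identifier(name):
    """Quote a value for use as an SQL identifier (alias): wrap in double
    quotes and double any embedded double quote. String-literal escaping
    does not make a value safe in identifier position."""
    return '"' + name.replace('"', '""') + '"'


def crosstab_safe(conn):
    """Hardened pattern: the compared value is a bound parameter and the
    alias goes through identifier quoting, so stored text never becomes
    SQL syntax."""
    cats = distinct_categories(conn)
    exprs = ", ".join(
        f"SUM(CASE WHEN category = ? THEN amount ELSE 0 END) AS {quote_identifier(c)}"
        for c in cats)
    cur = conn.execute(f"SELECT {exprs} FROM sales", cats)
    return dict(zip(cats, cur.fetchone()))


if __name__ == "__main__":
    print("vulnerable:", crosstab_vulnerable(make_db()))
    print("safe:      ", crosstab_safe(make_db()))
```

Run it and compare the hostile column: the vulnerable pivot reports the total of every row for it, while the hardened pivot reports only the one row that actually carries that category. The same distinction applies in Drupal's database layer: values belong in placeholders, and anything that must appear as a column name or alias needs identifier quoting, never plain string escaping.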

Under the Drupal security policy, this vulnerability was fixed in public because views_crosstab had no stable release; the security team only issues advisories for stable releases.

Comments

danchadwick wrote:

As of Nov 14, 2013:
- Fixed in 7.x-1.x-dev
- Fixed in 6.x-1.x-dev and 6.x-1.0-alpha2

At the time of this writing, d.o is experiencing difficulties with its git integration, causing packaging problems. 6.x-1.0-alpha2 may not be visible, in which case you should upgrade to the latest 6.x-1.x-dev and ensure that it is dated on or after Nov 14, 2013.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.