VYPR
Unrated severityNVD Advisory· Published Jan 28, 2009· Updated Jun 16, 2026

CVE-2008-5998

CVE-2008-5998

Description

Multiple SQL injection vulnerabilities in the ajax_checklist_save function in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allow remote authenticated users, with "update ajax checklists" permissions, to execute arbitrary SQL commands via a save operation, related to the (1) nid, (2) qid, and (3) state parameters.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:drupal:ajax_checklist:5.x-1.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:drupal:ajax_checklist:5.x-1.0:*:*:*:*:*:*:*
    • (no CPE)range: <5.x-1.1

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.