Unrated severityNVD Advisory· Published Sep 20, 2012· Updated Apr 29, 2026
CVE-2012-1626
CVE-2012-1626
Description
SQL injection vulnerability in the conversion form for Events in the Date module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer Date Tools" privilege to execute arbitrary SQL commands via unspecified vectors.
Affected products
19cpe:2.3:a:karen_stevenson:date:6.x-2.0:*:*:*:*:*:*:*+ 18 more
- cpe:2.3:a:karen_stevenson:date:6.x-2.0:*:*:*:*:*:*:*
- cpe:2.3:a:karen_stevenson:date:6.x-2.0:beta:*:*:*:*:*:*
- cpe:2.3:a:karen_stevenson:date:6.x-2.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:karen_stevenson:date:6.x-2.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:karen_stevenson:date:6.x-2.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:karen_stevenson:date:6.x-2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:karen_stevenson:date:6.x-2.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:karen_stevenson:date:6.x-2.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:karen_stevenson:date:6.x-2.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:karen_stevenson:date:6.x-2.0:rc5:*:*:*:*:*:*
- cpe:2.3:a:karen_stevenson:date:6.x-2.0:rc6:*:*:*:*:*:*
- cpe:2.3:a:karen_stevenson:date:6.x-2.1:*:*:*:*:*:*:*
- cpe:2.3:a:karen_stevenson:date:6.x-2.2:*:*:*:*:*:*:*
- cpe:2.3:a:karen_stevenson:date:6.x-2.3:*:*:*:*:*:*:*
- cpe:2.3:a:karen_stevenson:date:6.x-2.4:*:*:*:*:*:*:*
- cpe:2.3:a:karen_stevenson:date:6.x-2.5:*:*:*:*:*:*:*
- cpe:2.3:a:karen_stevenson:date:6.x-2.6:*:*:*:*:*:*:*
- cpe:2.3:a:karen_stevenson:date:6.x-2.7:*:*:*:*:*:*:*
- cpe:2.3:a:karen_stevenson:date:6.x-2.x:dev:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- drupal.org/node/1401026nvdPatch
- drupal.org/node/1401434nvdPatchVendor Advisory
- secunia.com/advisories/47533nvdVendor Advisory
- osvdb.org/78261nvd
- www.openwall.com/lists/oss-security/2012/04/07/1nvd
- www.securityfocus.com/bid/51378nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/72356nvd
News mentions
0No linked articles in our index yet.