Description

SQL injection vulnerability in Drupal 4.6.x before 4.6.7 and 4.7.0 allows remote attackers to execute arbitrary SQL commands via the (1) count and (2) from variables to (a) database.mysql.inc, (b) database.pgsql.inc, and (c) database.mysqli.inc.

Remediation

References

CVE-2006-2742

Related Vulnerabilities

MediaWiki Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2020-35624)

WordPress Plugin Email Subscribers by Icegram Express-Email Marketing, Newsletters, Automation for WordPress & WooCommerce SQL Injection (5.4.19)

WordPress Plugin SB Uploader Arbitrary File Upload (4.1)

WordPress Plugin Facebook Members Cross-Site Request Forgery (5.0.4)

WordPress Plugin Insert or Embed Articulate Content into WordPress Arbitrary File Upload (4.3000000023)

Severity

High

Classification

CVE-2006-2742

Tags

Missing Update Known Vulnerabilities