Description

SQL injection vulnerability in Drupal 4.6.x before 4.6.7 and 4.7.0 allows remote attackers to execute arbitrary SQL commands via the (1) count and (2) from variables to (a) database.mysql.inc, (b) database.pgsql.inc, and (c) database.mysqli.inc.

Remediation

References

CVE-2006-2742

Related Vulnerabilities

PHP Other Vulnerability (CVE-2020-7066)

MySQL CVE-2023-22103 Vulnerability (CVE-2023-22103)

TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4627)

WordPress Plugin CF7 Invisible reCAPTCHA Cross-Site Request Forgery (1.3.3)

WordPress Plugin iThemes Security (formerly Better WP Security) Cross-Site Scripting (3.2.4)

Severity

High

Classification

CVE-2006-2742

Tags

Missing Update Known Vulnerabilities