Description

SQL injection vulnerability in Drupal 4.6.x before 4.6.7 and 4.7.0 allows remote attackers to execute arbitrary SQL commands via the (1) count and (2) from variables to (a) database.mysql.inc, (b) database.pgsql.inc, and (c) database.mysqli.inc.

Remediation

References

CVE-2006-2742

Related Vulnerabilities

WordPress 2.3.2 Post Edit Unauthorized Access Vulnerability (0.7 - 2.3.2)

OpenSSL Resource Management Errors Vulnerability (CVE-2014-0221)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-9912)

RubyGems Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-1000079)

WordPress Plugin Advanced Custom Fields (ACF) Information Disclosure (6.0.2)

Severity

High

Classification

CVE-2006-2742

Tags

Missing Update Known Vulnerabilities