Description

SQL injection vulnerability in Drupal 4.6.x before 4.6.7 and 4.7.0 allows remote attackers to execute arbitrary SQL commands via the (1) count and (2) from variables to (a) database.mysql.inc, (b) database.pgsql.inc, and (c) database.mysqli.inc.

Remediation

References

CVE-2006-2742

Related Vulnerabilities

OpenSSL NULL Pointer Dereference Vulnerability (CVE-2004-0079)

WordPress Plugin Q and A FAQ and Knowledge Base for WordPress Multiple SQL Injection Vulnerabilities (1.0.6.2)

WebLogic CVE-2021-2109 Vulnerability (CVE-2021-2109)

WordPress Plugin ThinkTwit Cross-Site Scripting (1.7.0)

MySQL CVE-2019-2938 Vulnerability (CVE-2019-2938)

Severity

High

Classification

CVE-2006-2742

Tags

Missing Update Known Vulnerabilities