CVE-2006-2742

Description

SQL injection vulnerability in Drupal 4.6.x before 4.6.7 and 4.7.0 allows remote attackers to execute arbitrary SQL commands via the (1) count and (2) from variables to (a) database.mysql.inc, (b) database.pgsql.inc, and (c) database.mysqli.inc.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/26654

http://www.vupen.com/english/advisories/2006/1975

http://www.securityfocus.com/bid/18245

http://www.securityfocus.com/archive/1/435790/100/0/threaded

http://www.debian.org/security/2006/dsa-1125

http://secunia.com/advisories/21244

http://secunia.com/advisories/20140

http://drupal.org/node/65357

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3