Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2742

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-2742
Last Modified 07 Mar 2011 09:36:56
Published 01 Jun 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2742

Summary

SQL injection vulnerability in Drupal 4.6.x before 4.6.7 and 4.7.0 allows remote attackers to execute arbitrary SQL commands via the (1) count and (2) from variables to (a) database.mysql.inc, (b) database.pgsql.inc, and (c) database.mysqli.inc.

Vulnerable Systems

Application

  • Drupal 4.6

  • Drupal 4.6.0

  • Drupal 4.6.1

  • Drupal 4.6.2

  • Drupal 4.6.3

  • Drupal 4.6.4

  • Drupal 4.6.5

  • Drupal 4.6.6

  • Drupal 4.7.0


References

XF - drupal-database-sql-injection(26654)

SECUNIA - 20140

CONFIRM - http://drupal.org/node/65357

VUPEN - ADV-2006-1975

BID - 18245

BUGTRAQ - 20060602 [DRUPAL-SA-2006-005] Drupal 4.6.7 / 4.7.1 fixes SQL injection issue

DEBIAN - DSA-1125

SECUNIA - 21244


Last Updated: 27 May 2016 10:42:44