CVE-2006-2742
Summary
| CVE | CVE-2006-2742 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2006-06-01 10:02:00 UTC |
| Updated | 2018-10-18 16:41:00 UTC |
| Description | SQL injection vulnerability in Drupal 4.6.x before 4.6.7 and 4.7.0 allows remote attackers to execute arbitrary SQL commands via the (1) count and (2) from variables to (a) database.mysql.inc, (b) database.pgsql.inc, and (c) database.mysqli.inc. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Drupal | Drupal | 4.6 | All | All | All |
| Application | Drupal | Drupal | 4.6.0 | All | All | All |
| Application | Drupal | Drupal | 4.6.1 | All | All | All |
| Application | Drupal | Drupal | 4.6.2 | All | All | All |
| Application | Drupal | Drupal | 4.6.3 | All | All | All |
| Application | Drupal | Drupal | 4.6.4 | All | All | All |
| Application | Drupal | Drupal | 4.6.5 | All | All | All |
| Application | Drupal | Drupal | 4.6.6 | All | All | All |
| Application | Drupal | Drupal | 4.7.0 | All | All | All |
| Application | Drupal | Drupal | 4.6 | All | All | All |
| Application | Drupal | Drupal | 4.6.0 | All | All | All |
| Application | Drupal | Drupal | 4.6.1 | All | All | All |
| Application | Drupal | Drupal | 4.6.2 | All | All | All |
| Application | Drupal | Drupal | 4.6.3 | All | All | All |
| Application | Drupal | Drupal | 4.6.4 | All | All | All |
| Application | Drupal | Drupal | 4.6.5 | All | All | All |
| Application | Drupal | Drupal | 4.6.6 | All | All | All |
| Application | Drupal | Drupal | 4.7.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| SQL injection vulnerability | drupal.org | CONFIRM | drupal.org | Patch, Vendor Advisory |
| Drupal SQL Injection and Arbitrary File Execution Vulnerabilities - Advisories - Secunia | SECUNIA | secunia.com | Patch, Vendor Advisory |
| Debian -- Security Information -- DSA-1125-2 drupal | DEBIAN | www.debian.org | |
| Debian update for drupal - Advisories - Secunia | SECUNIA | secunia.com | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| Drupal Multiple Input Validation Vulnerabilities | BID | www.securityfocus.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.