CVE-2006-2742 Information

Description

SQL injection vulnerability in Drupal 4.6.x before 4.6.7 and 4.7.0 allows remote attackers to execute arbitrary SQL commands via the (1) count and (2) from variables to (a) database.mysql.inc (b) database.pgsql.inc and (c) database.mysqli.inc.

Reference

http://drupal.org/node/65357 http://secunia.com/advisories/20140 http://secunia.com/advisories/21244 http://www.debian.org/security/2006/dsa-1125 http://www.securityfocus.com/archive/1/435790/100/0/threaded http://www.securityfocus.com/bid/18245 http://www.vupen.com/english/advisories/2006/1975 https://exchange.xforce.ibmcloud.com/vulnerabilities/26654