CVE-2006-2742

EPSS 0.97%
Published 01.06.2006 10:02:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

SQL injection vulnerability in Drupal 4.6.x before 4.6.7 and 4.7.0 allows remote attackers to execute arbitrary SQL commands via the (1) count and (2) from variables to (a) database.mysql.inc, (b) database.pgsql.inc, and (c) database.mysqli.inc.

Affected products Warnungen 0 Metrics 2 CWE 0 References 11

Data is provided by the National Vulnerability Database (NVD)

Drupal ≫ Drupal Version4.6

Drupal ≫ Drupal Version4.6.0

Drupal ≫ Drupal Version4.6.1

Drupal ≫ Drupal Version4.6.2

Drupal ≫ Drupal Version4.6.3

Drupal ≫ Drupal Version4.6.4

Drupal ≫ Drupal Version4.6.5

Drupal ≫ Drupal Version4.6.6

Drupal ≫ Drupal Version4.7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.97%	0.756

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://drupal.org/node/65357

Patch

Vendor Advisory

http://secunia.com/advisories/20140

Patch

Vendor Advisory

http://secunia.com/advisories/21244

http://www.debian.org/security/2006/dsa-1125

http://www.securityfocus.com/archive/1/435790/100/0/threaded

http://www.securityfocus.com/bid/18245

http://www.vupen.com/english/advisories/2006/1975

https://exchange.xforce.ibmcloud.com/vulnerabilities/26654

https://nvd.nist.gov/vuln/detail/CVE-2006-2742

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-2742

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-2742

EUVD