CVE-2006-2742

EPSS 0.97%
Veröffentlicht 01.06.2006 10:02:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

SQL injection vulnerability in Drupal 4.6.x before 4.6.7 and 4.7.0 allows remote attackers to execute arbitrary SQL commands via the (1) count and (2) from variables to (a) database.mysql.inc, (b) database.pgsql.inc, and (c) database.mysqli.inc.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Drupal ≫ Drupal Version4.6

Drupal ≫ Drupal Version4.6.0

Drupal ≫ Drupal Version4.6.1

Drupal ≫ Drupal Version4.6.2

Drupal ≫ Drupal Version4.6.3

Drupal ≫ Drupal Version4.6.4

Drupal ≫ Drupal Version4.6.5

Drupal ≫ Drupal Version4.6.6

Drupal ≫ Drupal Version4.7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.97%	0.756

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://drupal.org/node/65357

Patch

Vendor Advisory

http://secunia.com/advisories/20140

Patch

Vendor Advisory

http://secunia.com/advisories/21244

http://www.debian.org/security/2006/dsa-1125

http://www.securityfocus.com/archive/1/435790/100/0/threaded

http://www.securityfocus.com/bid/18245

http://www.vupen.com/english/advisories/2006/1975

https://exchange.xforce.ibmcloud.com/vulnerabilities/26654

https://nvd.nist.gov/vuln/detail/CVE-2006-2742

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-2742

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-2742

EUVD