Unrated severityNVD Advisory· Published Jun 1, 2006· Updated Jun 16, 2026

CVE-2006-2742

Description

SQL injection vulnerability in Drupal 4.6.x before 4.6.7 and 4.7.0 allows remote attackers to execute arbitrary SQL commands via the (1) count and (2) from variables to (a) database.mysql.inc, (b) database.pgsql.inc, and (c) database.mysqli.inc.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Drupal/Drupal10 versions
cpe:2.3:a:drupal:drupal:4.6:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:drupal:drupal:4.6:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:4.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:4.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:4.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:4.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:4.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:4.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:4.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:4.7.0:*:*:*:*:*:*:*
- (no CPE)range: <4.6.7, =4.7.0

Patches

Vulnerability mechanics

References

drupal.org/node/65357nvdPatchVendor Advisory
secunia.com/advisories/20140nvdPatchVendor Advisory
secunia.com/advisories/21244nvd
www.debian.org/security/2006/dsa-1125nvd
www.securityfocus.com/archive/1/435790/100/0/threadednvd
www.securityfocus.com/bid/18245nvd
www.vupen.com/english/advisories/2006/1975nvd
exchange.xforce.ibmcloud.com/vulnerabilities/26654nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000