Chx

**Name of the Vulnerable Software and Affected Versions** Drupal versions 4.6.x through 4.6.6 Drupal version 4.7.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `count` and `from` variables in the files `database.mysql.inc`, `database.pgsql.inc`, and `database.mysqli.inc`. **Recommendations** For Drupal versions 4.6.x through 4.6.6, update to version 4.6.7 or later. For Drupal version 4.7.0, update to a version later than 4.7.0.