The vulnerability stems from improper sanitization of SQL identifiers (table/column names) in the Data module. Drupal's database API requires explicit sanitization for identifiers using db_escape_table(), which wasn't properly implemented in query construction functions. The primary vulnerable function data_build_query handles dynamic query generation using user-controlled schema elements, while data_ui_admin_manage_alter processes schema modifications. The high confidence for data_build_query comes from its direct role in SQL assembly, while medium confidence for data_ui_admin_manage_alter is based on typical schema alteration patterns in Drupal modules.