Description
includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header.
Remediation
References
Related Vulnerabilities
WordPress 4.7.x Denial of Service Vulnerability (4.7 - 4.7.9)
WordPress Plugin Erident Custom Login and Dashboard Cross-Site Request Forgery (3.4.1)
WordPress Plugin Elementor Website Builder Security Bypass (1.7.12)
Apache HTTP Server Insufficient Verification of Data Authenticity Vulnerability (CVE-2020-11985)
WordPress Plugin Order Export & Order Import for WooCommerce Information Disclosure (1.0.8)