Description
includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header.
Remediation
References