Description

includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header.

Remediation

References

CVE-2008-6171

Related Vulnerabilities

Apache HTTP Server Resource Management Errors Vulnerability (CVE-2016-1546)

WordPress Plugin Google SEO Pressor for Rich snippets Cross-Site Scripting (1.2.6)

PrestaShop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-5272)

XWiki Files or Directories Accessible to External Parties Vulnerability (CVE-2022-23621)

WordPress Plugin ReDi Restaurant Reservation Cross-Site Scripting (21.0307)

Severity

Critical

Classification

CVE-2008-6171

Tags

Missing Update Known Vulnerabilities