Description
Drupal Core is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. To be noted that this vulnerability exists only on Windows. Drupal Core versions 6.x ranging from 6.0 and up to and including 6.9 are vulnerable.
Remediation
Update to Drupal Core version 6.10 or latest
References
Related Vulnerabilities
WordPress Plugin Contact Form 7 Captcha Cross-Site Request Forgery (0.0.8)
WordPress Plugin WordPress File Upload Arbitrary File Upload (3.4.0)
WordPress Plugin 404 to 301-Redirect, Log and Notify 404 Errors Security Bypass (3.0.7)
WordPress Plugin WP DS FAQ Plus Cross-Site Scripting (1.4.1)
WordPress Plugin Cardinity Payment Gateway for WooCommerce Cross-Site Scripting (3.0.6)