Description

Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation.

Remediation

References

CVE-2016-3171

Related Vulnerabilities

Nexus Repository Manager Incorrect Authorization Vulnerability (CVE-2018-16620)

Oracle JRE CVE-2013-2453 Vulnerability (CVE-2013-2453)

MySQL CVE-2020-14777 Vulnerability (CVE-2020-14777)

LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-17003)

WordPress Plugin WP TripAdvisor Review Slider Cross-Site Scripting (11.8)

Severity

High

Classification

CVE-2016-3171 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities