Description

Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation.

Remediation

References

CVE-2016-3171

Related Vulnerabilities

SharePoint Improper Input Validation Vulnerability (CVE-2011-1989)

Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2015-8769)

Joomla! Core 3.9.x Cross-Site Scripting (3.9.0 - 3.9.20)

Apache Tomcat Other Vulnerability (CVE-2003-0045)

PostgreSQL Cryptographic Issues Vulnerability (CVE-2012-2143)

Severity

High

Classification

CVE-2016-3171 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities