Description

Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation.

Remediation

References

CVE-2016-3171

Related Vulnerabilities

Oracle Database Server Incorrect Calculation of Buffer Size Vulnerability (CVE-2004-1363)

WebLogic Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-11022)

WordPress Plugin WP Hotel Booking Cross-Site Request Forgery (1.10.1)

WordPress Plugin Properties and Agents-Real Estate Manager Cross-Site Scripting (6.7.1)

TYPO3 Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2022-23503)

Severity

High

Classification

CVE-2016-3171 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities