Description

Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation.

Remediation

References

CVE-2016-3171

Related Vulnerabilities

PHP Other Vulnerability (CVE-2011-0421)

phpMyFAQ Improper Privilege Management Vulnerability (CVE-2023-1762)

Jenkins CVE-2023-44487 Vulnerability (CVE-2023-44487)

phpBB Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-7143)

WordPress Plugin WPFront Scroll Top Cross-Site Scripting (2.0.6.07225)

Severity

High

Classification

CVE-2016-3171 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities