Description

Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation.

Remediation

References

CVE-2016-3171

Related Vulnerabilities

Joomla! Core Cross-Site Scripting (1.0.0 - 3.9.2)

WordPress Plugin Citizen Space Cross-Site Scripting (1.1)

MySQL CVE-2020-2921 Vulnerability (CVE-2020-2921)

WordPress Plugin WP-Table Reloaded Cross-Site Scripting (1.9.3)

WordPress Plugin Webmention Cross-Site Scripting (4.0.8)

Severity

High

Classification

CVE-2016-3171 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities