Description

install.php in Drupal 5.x before 5.3, when the configured database server is not reachable, allows remote attackers to execute arbitrary code via vectors that cause settings.php to be modified.

Remediation

References

CVE-2007-5593

Related Vulnerabilities

WordPress Plugin Chamber Dashboard Business Directory Cross-Site Scripting (3.2.8)

WordPress Plugin Product Reviews Import Export for WooCommerce CSV Injection (1.4.8)

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-6889)

Apache Tomcat Other Vulnerability (CVE-2008-0002)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-33940)

Severity

Medium

Classification

CVE-2007-5593 CWE-94

Tags

Missing Update Known Vulnerabilities