Description
install.php in Drupal 5.x before 5.3, when the configured database server is not reachable, allows remote attackers to execute arbitrary code via vectors that cause settings.php to be modified.
Remediation
References
Related Vulnerabilities
PHP Server-Side Request Forgery (SSRF) Vulnerability (CVE-2017-7272)
TYPO3 Uncontrolled Recursion Vulnerability (CVE-2022-23500)
Drupal Core 6.x Remote Code Execution (6.0 - 6.38)
PHP Improper Resource Shutdown or Release Vulnerability (CVE-2015-3415)
WordPress Plugin Edit Author Slug Cross-Site Scripting (1.0.5.1)