Description
Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation.
Remediation
References
Related Vulnerabilities
WordPress Plugin Church Admin Cross-Site Scripting (0.856)
PostgreSQL Other Vulnerability (CVE-2005-1410)
Oracle Database Server CVE-2009-1991 Vulnerability (CVE-2009-1991)
WordPress Plugin WordPress Shortcodes-Shortcodes Ultimate Remote Code Execution (5.0.0)
WordPress 4.8.x Arbitrary File Deletion Vulnerability (4.8 - 4.8.6)