Description
includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header.
Remediation
References