Description

includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header.

Remediation

References

CVE-2008-6171

Related Vulnerabilities

WordPress Plugin Arigato Autoresponder and Newsletter Cross-Site Scripting (2.7.1.1)

Microsoft SQL Server Other Vulnerability (CVE-2002-1138)

WordPress Plugin FV Flowplayer Video Player Cross-Site Scripting (6.6.4)

WordPress Plugin Images Slideshow by 2J-Image Slider Unspecified Vulnerability (1.2.15)

Joomla! Core Multiple Cross-Site Scripting Vulnerabilities (1.5.0 - 3.8.7)

Severity

Critical

Classification

CVE-2008-6171

Tags

Missing Update Known Vulnerabilities