Description
includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header.
Remediation
References
Related Vulnerabilities
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-10202)
WordPress Plugin iThemes Security (formerly Better WP Security) Security Bypass (7.9.0)
OpenSSL Other Vulnerability (CVE-2016-0705)
WordPress Plugin Import and export users and customers Cross-Site Scripting (1.12)
WordPress Plugin Frontend File Manager Arbitrary File Upload (3.9)