Description

includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header.

Remediation

References

CVE-2008-6171

Related Vulnerabilities

MySQL CVE-2016-5626 Vulnerability (CVE-2016-5626)

WordPress Plugin Double Opt-In for Download Multiple Cross-Site Scripting Vulnerabilities (2.1.5)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-42047)

Oracle JRE CVE-2013-5849 Vulnerability (CVE-2013-5849)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2008-3659)

Severity

Critical

Classification

CVE-2008-6171

Tags

Missing Update Known Vulnerabilities