Description
includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header.
Remediation
References