Description

includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header.

Remediation

References

CVE-2008-6171

Related Vulnerabilities

Mailman Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-0618)

WordPress Plugin Donation with Goals and Paypal IPN by NonprofitCMS.org 'exporttocsv.php' SQL Injection (1.0)

WordPress Plugin RocketTheme RokBox 'jwplayer.swf' Cross-Site Scripting (2.11)

MySQL CVE-2015-2641 Vulnerability (CVE-2015-2641)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-33940)

Severity

Critical

Classification

CVE-2008-6171

Tags

Missing Update Known Vulnerabilities