Description
includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header.
Remediation
References
Related Vulnerabilities
ASP.NET MVC Improper Input Validation Vulnerability (CVE-2017-0249)
Internet Information Services Other Vulnerability (CVE-1999-0412)
silverstripeCMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-5087)
Oracle Database Server CVE-2006-0287 Vulnerability (CVE-2006-0287)
Internet Information Services Configuration Vulnerability (CVE-1999-0725)