Description

install.php in Drupal 5.x before 5.3, when the configured database server is not reachable, allows remote attackers to execute arbitrary code via vectors that cause settings.php to be modified.

Remediation

References

CVE-2007-5593

Related Vulnerabilities

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2019-9638)

WordPress Plugin eShop Multiple Cross-Site Scripting Vulnerabilities (6.2.8)

Serendipity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-6969)

PHP Improper Input Validation Vulnerability (CVE-2015-5589)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-7168)

Severity

Medium

Classification

CVE-2007-5593 CWE-94

Tags

Missing Update Known Vulnerabilities