Drupal Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2007-5593)

Description

install.php in Drupal 5.x before 5.3, when the configured database server is not reachable, allows remote attackers to execute arbitrary code via vectors that cause settings.php to be modified.

Remediation

References

CVE-2007-5593

Related Vulnerabilities

WordPress Plugin WordPress Backup and Migrate-Backup Guard Arbitrary File Upload (1.5.9)

Magento Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-8143)

Elgg Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2011-2936)

IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-3092)

WordPress Plugin Shoppable Images Multiple Vulnerabilities (1.0.0)

Severity

Medium

Classification

CVE-2007-5593 CWE-94

Description

Remediation

References

Related Vulnerabilities

Severity

Classification

Tags

Take action and discover your vulnerabilities