Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5593

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2007-5593
Last Modified 15 Nov 2008 02:01:29
Published 19 Oct 2007 07:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5593

Summary

install.php in Drupal 5.x before 5.3, when the configured database server is not reachable, allows remote attackers to execute arbitrary code via vectors that cause settings.php to be modified.

Vulnerable Systems

Application

  • Drupal 5.2


References

SECUNIA - 27290

OSVDB - 39648

CONFIRM - http://drupal.org/node/184316

MISC - http://drupal.org/files/sa-2007-025/SA-2007-025-5.2.patch

FEDORA - FEDORA-2007-2649

XF - drupal-installer-code-execution(37265)

BID - 26119

SECUNIA - 27352


Last Updated: 27 May 2016 10:46:13