CVE Vulnerability

CVE-2007-5593

install.php in Drupal 5.x before 5.3, when the configured database server is not reachable, allows remote attackers to execute arbitrary code via vectors that cause settings.php to be modified.

6.8 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://drupal.org/files/sa-2007-025/SA-2007-025-5.2.patch Patch Vendor Advisory
http://drupal.org/node/184316 Vendor Advisory
http://secunia.com/advisories/27290 Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00328.html Third Party Advisory
http://www.securityfocus.com/bid/26119 Third Party Advisory VDB Entry
http://secunia.com/advisories/27352 Third Party Advisory
http://osvdb.org/39648 Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/37265 Third Party Advisory VDB Entry
Configurations

Configuration 1

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*
Information

Published : 2007-10-19 11:17

Updated : 2021-04-19 08:59

NVD link : CVE-2007-5593

Mitre link : CVE-2007-5593

Products Affected
No products.
CWE
CWE-94