FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-5593

This CVE name corresponds to:

Entered Topic
2007-10-24 drupal --- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2007-5593 at cve.mitre.org

Details

Type Candidate
Name CVE-2007-5593
Phase Assigned(20071019)

Description

install.php in Drupal 5.x before 5.3, when the configured database server is not reachable, allows remote attackers to execute arbitrary code via vectors that cause settings.php to be modified.

References

Source Reference
MISC http://drupal.org/files/sa-2007-025/SA-2007-025-5.2.patch
CONFIRM http://drupal.org/node/184316
FEDORA FEDORA-2007-2649
BID 26119
OSVDB 39648
SECUNIA 27290
SECUNIA 27352
XF drupal-installer-code-execution(37265)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.