CVE-2007-5593

critical

Description

install.php in Drupal 5.x before 5.3, when the configured database server is not reachable, allows remote attackers to execute arbitrary code via vectors that cause settings.php to be modified.

References

Advisories
More

https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00328.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/37265

http://www.securityfocus.com/bid/26119

http://secunia.com/advisories/27352

http://secunia.com/advisories/27290

http://drupal.org/node/184316

http://drupal.org/files/sa-2007-025/SA-2007-025-5.2.patch

Details

Source: Mitre, NVD

Published: 2007-10-19

Updated: 2025-04-09

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.02349

Detections

Analytics