| Vulnerability Name: | CVE-2007-5416 | ||||||||
| Assigned: | 2007-10-12 | ||||||||
| Published: | 2007-10-12 | ||||||||
| Updated: | 2018-10-15 | ||||||||
| Summary: | Drupal 5.2 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by invoking the drupal_eval function through a callback parameter to the default URI, as demonstrated by the _menu[callbacks][1][callback] parameter. Note: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Drupal. | ||||||||
| CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-189 | ||||||||
| Vulnerability Consequences: | ALLOWS_OTHER_ACCESS | ||||||||
| References: | Source: MITRE Type: CNA CVE-2007-5416 Source: SREASON Type: UNKNOWN 3216 Source: MISC Type: Exploit http://securityvulns.ru/Sdocument137.html Source: BUGTRAQ Type: UNKNOWN 20071010 Vulnerabilities digest Source: EXPLOIT-DB Type: UNKNOWN 4510 | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||