Lucene search
GoogleOSV:GHSA-69G8-G9JQ-74V7HistoryMay 17, 2022 - 3:55 a.m.
Drupal arbitrary code execution
2022-05-1703:55:47
Google
osv.dev
4
drupal
remote code execution
session data.
Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation.
References
www.debian.org/security/2016/dsa-3498
www.openwall.com/lists/oss-security/2016/02/24/19
www.openwall.com/lists/oss-security/2016/03/15/10
github.com/drupal/core
github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2016-3171.yaml
github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2016-3171.yaml
nvd.nist.gov/vuln/detail/CVE-2016-3171
www.drupal.org/SA-CORE-2016-001
Related
debiancve
debiancve
CVE-2016-3171
2016-04-12 15:59:00
github
github
Drupal arbitrary code execution
2022-05-17 03:55:47
prion
prion
Code injection
2016-04-12 15:59:00
friendsofphp
friendsofphp
Session data truncation can lead to unserialization of user provided data
2016-02-15 18:57:00
Session data truncation can lead to unserialization of user provided data
2016-02-15 18:57:00
nvd
nvd
CVE-2016-3171
2016-04-12 15:59:08
cve
cve
CVE-2016-3171
2016-04-12 15:59:08
ubuntucve
ubuntucve
CVE-2016-3171
2016-04-12 00:00:00
cvelist
cvelist
CVE-2016-3171
2016-04-12 15:00:00
openvas
openvas
Drupal 6.x < 6.38 Multiple Vulnerabilities (SA-CORE-2016-001) - Windows
2016-05-18 00:00:00
Drupal 6.x < 6.38 Multiple Vulnerabilities (SA-CORE-2016-001) - Linux
2016-05-18 00:00:00
drupal
drupal
Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2016-001
2016-02-24 00:00:00