2 matches found
CVE-2007-5416
Drupal 5.2 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by invoking the drupaleval function through a callback parameter to t...
CVE-2007-5416
Technical details (affected Drupal versions, vulnerable component, root cause, exploit specifics, and patch information) are not provided in the connected documents. Monitor for updates.