Vulnerability Description
Drupal 5.2 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by invoking the drupal_eval function through a callback parameter to the default URI, as demonstrated by the _menu[callbacks][1][callback] parameter. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Drupal.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Drupal | Drupal | <= 5.2 |
Related Weaknesses (CWE)
References
- http://securityreason.com/securityalert/3216
- http://securityvulns.ru/Sdocument137.htmlExploit
- http://www.securityfocus.com/archive/1/482006/100/0/threaded
- https://www.exploit-db.com/exploits/4510
- http://securityreason.com/securityalert/3216
- http://securityvulns.ru/Sdocument137.htmlExploit
- http://www.securityfocus.com/archive/1/482006/100/0/threaded
- https://www.exploit-db.com/exploits/4510
FAQ
What is CVE-2007-5416?
CVE-2007-5416 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Drupal 5.2 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to...
How severe is CVE-2007-5416?
CVE-2007-5416 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-5416?
Check the references section above for vendor advisories and patch information. Affected products include: Drupal Drupal.