Vulnerability Description
install.php in Drupal 5.x before 5.3, when the configured database server is not reachable, allows remote attackers to execute arbitrary code via vectors that cause settings.php to be modified.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Drupal | Drupal | >= 5.0, < 5.3 |
| Fedoraproject | Fedora | 7 |
Related Weaknesses (CWE)
References
- http://drupal.org/files/sa-2007-025/SA-2007-025-5.2.patch (Patch, Vendor Advisory)
- http://drupal.org/node/184316 (Vendor Advisory)
- http://osvdb.org/39648 (Broken Link)
- http://secunia.com/advisories/27290 (Third Party Advisory)
- http://secunia.com/advisories/27352 (Third Party Advisory)
- http://www.securityfocus.com/bid/26119 (Third Party Advisory, VDB Entry)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37265 (Third Party Advisory, VDB Entry)
- https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00328.ht (Third Party Advisory)
FAQ
What is CVE-2007-5593?
CVE-2007-5593 is a vulnerability with a CVSS score of 6.8 (MEDIUM). install.php in Drupal 5.x before 5.3, when the configured database server is not reachable, allows remote attackers to execute arbitrary code via vectors that cause settings.php to be modified.
How severe is CVE-2007-5593?
CVE-2007-5593 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-5593?
Check the references section above for vendor advisories and patch information. Affected products include: Drupal Drupal, Fedoraproject Fedora.