CVE-2007-5593
Drupal 5.x < 5.3 - Remote Code Execution via install.php Database Unreachable Vector
Title source: llmDescription
install.php in Drupal 5.x before 5.3, when the configured database server is not reachable, allows remote attackers to execute arbitrary code via vectors that cause settings.php to be modified.
References (8)
Core 8
Core References
Patch, Vendor Advisory x_refsource_misc
http://drupal.org/files/sa-2007-025/SA-2007-025-5.2.patch
Broken Link vdb-entry
x_refsource_osvdb
http://osvdb.org/39648
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/37265
Vendor Advisory x_refsource_confirm
http://drupal.org/node/184316
Third Party Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00328.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27352
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27290
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/26119
Scores
EPSS
0.0250
EPSS Percentile
85.5%
Details
CWE
CWE-94
Status
published
Products (2)
drupal/drupal
5.0 - 5.3
fedoraproject/fedora
7
Published
Oct 19, 2007
Tracked Since
Feb 18, 2026