Description
Drupal 7.x before 7.16 allows remote attackers to obtain sensitive information and possibly re-install Drupal and execute arbitrary PHP code via an external database server, related to "transient conditions."
References (5)
Core 5
Core References
Patch x_refsource_confirm
http://drupalcode.org/project/drupal.git/commit/b912710
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/10/29/4
Patch x_refsource_confirm
http://drupal.org/node/1815904
Patch, Vendor Advisory x_refsource_confirm
http://drupal.org/node/1815912
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/10/30/5
Scores
EPSS
0.0067
EPSS Percentile
71.6%
Details
CWE
CWE-264
Status
published
Products (16)
drupal/drupal
7.0 (16 CPE variants)
drupal/drupal
7.1
drupal/drupal
7.2
drupal/drupal
7.3
drupal/drupal
7.4
drupal/drupal
7.5
drupal/drupal
7.6
drupal/drupal
7.7
drupal/drupal
7.8
drupal/drupal
7.9
... and 6 more
Published
Nov 11, 2012
Tracked Since
Feb 18, 2026