CVE-2007-5593 Information

Description

install.php in Drupal 5.x before 5.3 when the configured database server is not reachable allows remote attackers to execute arbitrary code via vectors that cause settings.php to be modified.

Reference

http://drupal.org/files/sa-2007-025/SA-2007-025-5.2.patch http://drupal.org/node/184316 http://osvdb.org/39648 http://secunia.com/advisories/27290 http://secunia.com/advisories/27352 http://www.securityfocus.com/bid/26119 https://exchange.xforce.ibmcloud.com/vulnerabilities/37265 https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00328.html