CVE-2008-6171

includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for IP-based virtual hosts, allows remote attackers to include and execute arbitrary files via the HTTP Host header.

Affected Software

Name	Vendor	Start Version	End Version
Drupal	Drupal	5.0 (including)	5.0 (including)
Drupal	Drupal	5.1 (including)	5.1 (including)
Drupal	Drupal	5.2 (including)	5.2 (including)
Drupal	Drupal	5.3 (including)	5.3 (including)
Drupal	Drupal	5.4 (including)	5.4 (including)
Drupal	Drupal	5.5 (including)	5.5 (including)
Drupal	Drupal	5.6 (including)	5.6 (including)
Drupal	Drupal	5.7 (including)	5.7 (including)
Drupal	Drupal	5.8 (including)	5.8 (including)
Drupal	Drupal	5.9 (including)	5.9 (including)
Drupal	Drupal	5.10 (including)	5.10 (including)
Drupal	Drupal	5.11 (including)	5.11 (including)
Drupal	Drupal	6.0 (including)	6.0 (including)
Drupal	Drupal	6.1 (including)	6.1 (including)
Drupal	Drupal	6.2 (including)	6.2 (including)
Drupal	Drupal	6.3 (including)	6.3 (including)
Drupal	Drupal	6.4 (including)	6.4 (including)
Drupal	Drupal	6.5 (including)	6.5 (including)
Drupal5	Ubuntu	gutsy	*
Drupal5	Ubuntu	hardy	*
Drupal5	Ubuntu	intrepid	*
Drupal5	Ubuntu	upstream	*
Drupal6	Ubuntu	upstream	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-6171
CWE	https://cwe.mitre.org/data/definitions/16.html

Affected Software

References