Vulnerability Details CVE-2007-5416
Drupal 5.2 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by invoking the drupal_eval function through a callback parameter to the default URI, as demonstrated by the _menu[callbacks][1][callback] parameter. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Drupal.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.044
EPSS Ranking 88.5%
CVSS Severity
CVSS v2 Score 6.8
References
- http://securityreason.com/securityalert/3216
- http://securityvulns.ru/Sdocument137.html
- http://www.securityfocus.com/archive/1/482006/100/0/threaded
- https://www.exploit-db.com/exploits/4510
- http://securityreason.com/securityalert/3216
- http://securityvulns.ru/Sdocument137.html
- http://www.securityfocus.com/archive/1/482006/100/0/threaded
- https://www.exploit-db.com/exploits/4510
Products affected by CVE-2007-5416
-
cpe:2.3:a:drupal:drupal:-
-
cpe:2.3:a:drupal:drupal:4.0.0
-
cpe:2.3:a:drupal:drupal:4.1.0
-
cpe:2.3:a:drupal:drupal:4.2.0
-
cpe:2.3:a:drupal:drupal:4.3.0
-
cpe:2.3:a:drupal:drupal:4.3.1
-
cpe:2.3:a:drupal:drupal:4.3.2
-
cpe:2.3:a:drupal:drupal:4.4.0
-
cpe:2.3:a:drupal:drupal:4.4.1
-
cpe:2.3:a:drupal:drupal:4.4.2
-
cpe:2.3:a:drupal:drupal:4.4.3
-
cpe:2.3:a:drupal:drupal:4.5.0
-
cpe:2.3:a:drupal:drupal:4.5.1
-
cpe:2.3:a:drupal:drupal:4.5.2
-
cpe:2.3:a:drupal:drupal:4.5.3
-
cpe:2.3:a:drupal:drupal:4.5.4
-
cpe:2.3:a:drupal:drupal:4.5.5
-
cpe:2.3:a:drupal:drupal:4.5.6
-
cpe:2.3:a:drupal:drupal:4.5.7
-
cpe:2.3:a:drupal:drupal:4.5.8
-
cpe:2.3:a:drupal:drupal:4.6.0
-
cpe:2.3:a:drupal:drupal:4.6.1
-
cpe:2.3:a:drupal:drupal:4.6.10
-
cpe:2.3:a:drupal:drupal:4.6.11
-
cpe:2.3:a:drupal:drupal:4.6.2
-
cpe:2.3:a:drupal:drupal:4.6.3
-
cpe:2.3:a:drupal:drupal:4.6.4
-
cpe:2.3:a:drupal:drupal:4.6.5
-
cpe:2.3:a:drupal:drupal:4.6.6
-
cpe:2.3:a:drupal:drupal:4.6.7
-
cpe:2.3:a:drupal:drupal:4.6.8
-
cpe:2.3:a:drupal:drupal:4.6.9
-
cpe:2.3:a:drupal:drupal:4.7.0
-
cpe:2.3:a:drupal:drupal:4.7.1
-
cpe:2.3:a:drupal:drupal:4.7.10
-
cpe:2.3:a:drupal:drupal:4.7.11
-
cpe:2.3:a:drupal:drupal:4.7.2
-
cpe:2.3:a:drupal:drupal:4.7.3
-
cpe:2.3:a:drupal:drupal:4.7.4
-
cpe:2.3:a:drupal:drupal:4.7.5
-
cpe:2.3:a:drupal:drupal:4.7.6
-
cpe:2.3:a:drupal:drupal:4.7.7
-
cpe:2.3:a:drupal:drupal:4.7.8
-
cpe:2.3:a:drupal:drupal:4.7.9
-
cpe:2.3:a:drupal:drupal:5.0
-
cpe:2.3:a:drupal:drupal:5.1
-
cpe:2.3:a:drupal:drupal:5.2