CVE-2008-6171

CVE-2008-6171 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header.

Learn more about our Cis Benchmark Audit For Server Software.