CVE-2008-6171
CVE-2008-6171 · HIGH Severity
AV:N/AC:M/AU:N/C:C/I:C/A:C
includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header.
Learn more about our Cis Benchmark Audit For Server Software.