| Max CVSS | 6.8 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2007-5593 | 6.8 |
install.php in Drupal 5.x before 5.3, when the configured database server is not reachable, allows remote attackers to execute arbitrary code via vectors that cause settings.php to be modified.
|
19-04-2021 - 20:59 | 19-10-2007 - 23:17 | |
| CVE-2007-5594 | 4.3 |
Drupal 5.x before 5.3 does not apply its Drupal Forms API protection against the user deletion form, which allows remote attackers to delete users via a cross-site request forgery (CSRF) attack.
|
19-04-2021 - 20:59 | 19-10-2007 - 23:17 | |
| CVE-2007-5597 | 4.3 |
The hook_comments API in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 does not pass publication status, which might allow attackers to bypass access restrictions and trigger e-mail with unpublished comments from some modules, as demonstrated by (1) O
|
26-10-2018 - 14:14 | 19-10-2007 - 23:17 | |
| CVE-2007-5595 | 5.1 |
CRLF injection vulnerability in the drupal_goto function in includes/common.inc Drupal 4.7.x before 4.7.8 and 5.x before 5.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
|
26-10-2018 - 14:13 | 19-10-2007 - 23:17 | |
| CVE-2007-5596 | 4.3 |
The core Upload module in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 places the .html extension on a whitelist, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading .html files.
|
26-10-2018 - 14:13 | 19-10-2007 - 23:17 |