Vulnerabilities > CVE-2007-5416 - Numeric Errors vulnerability in Drupal
Summary
Drupal 5.2 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by invoking the drupal_eval function through a callback parameter to the default URI, as demonstrated by the _menu[callbacks][1][callback] parameter. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Drupal.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
description | Drupal <= 5.2 PHP Zend Hash Vulnerability Exploitation Vector. CVE-2007-5416. Webapps exploit for php platform |
file | exploits/php/webapps/4510.txt |
id | EDB-ID:4510 |
last seen | 2016-01-31 |
modified | 2007-10-10 |
platform | php |
port | |
published | 2007-10-10 |
reporter | ShAnKaR |
source | https://www.exploit-db.com/download/4510/ |
title | Drupal <= 5.2 PHP Zend Hash Vulnerability Exploitation Vector |
type | webapps |