Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2009-02-19	CVE-2008-6171	Improper Input Validation vulnerability in Drupal includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header. network drupal CWE-20 critical	9.3

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.