Arbitrary Code Execution via Session Data Truncation in Drupal 6.x

Arbitrary Code Execution via Session Data Truncation in Drupal 6.x

CVE-2016-3171 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation.

Learn more about our Web Application Penetration Testing UK.