CVE-2012-4553
Publication date 11 November 2012
Last updated 24 July 2024
Ubuntu priority
Drupal 7.x before 7.16 allows remote attackers to obtain sensitive information and possibly re-install Drupal and execute arbitrary PHP code via an external database server, related to "transient conditions."
Status
Package | Ubuntu Release | Status |
---|---|---|
drupal7 | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty |
Not affected
|
|
Notes
seth-arnold
mitigated if webserver user cannot write to drupal code or data though information leak through install.php is also possible