Vulnerability Details CVE-2016-3171
Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.032
EPSS Ranking 86.5%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 6.8