Description

Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.

Remediation

References

CVE-2006-2743

Related Vulnerabilities

Oracle JRE CVE-2014-2428 Vulnerability (CVE-2014-2428)

WordPress 6.4.x Multiple Vulnerabilities (6.4 - 6.4.2)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4300)

WordPress Plugin WP Crontrol Cross-Site Scripting (1.2.3)

WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Directory Traversal (1.3.42)

Severity

Medium

Classification

CVE-2006-2743

Tags

Missing Update Known Vulnerabilities