Description
Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
Remediation
References
Related Vulnerabilities
WordPress Plugin Dynamic Content for Elementor Remote Code Execution (1.9.5.6)
Oracle JRE CVE-2013-5801 Vulnerability (CVE-2013-5801)
WordPress Plugin Redux Framework Multiple Cross-Site Scripting Vulnerabilities (3.6.0.2)
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17299)