Description

Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.

Remediation

References

CVE-2006-2831

Related Vulnerabilities

IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2947)

WordPress Plugin Let Them Unsubscribe Multiple Unspecified Vulnerabilities (1.0)

WordPress Plugin WordPress Video Player Cross-Site Scripting (1.5.1)

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-27898)

WordPress Plugin WordPress Ultra Simple Paypal Shopping Cart Multiple Cross-Site Scripting Vulnerabilities (4.3.9.0)

Severity

High

Classification

CVE-2006-2831

Tags

Missing Update Known Vulnerabilities