Description

Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.

Remediation

References

CVE-2006-2743

Related Vulnerabilities

WordPress Plugin Shared Files-Easy Download Manager and File Sharing with Frontend File Upload Cross-Site Scripting (1.6.56)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-7411)

MySQL CVE-2020-14878 Vulnerability (CVE-2020-14878)

TYPO3 Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2010-1153)

WordPress Plugin Page Builder:KingComposer-Free Drag and Drop page builder by King-Theme Arbitrary File Upload (2.7.4)

Severity

Medium

Classification

CVE-2006-2743

Tags

Missing Update Known Vulnerabilities