Description
Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
Remediation
References
Related Vulnerabilities
WordPress Plugin Download Monitor SQL Injection (4.4.4)
WordPress Plugin Cookie Bar Cross-Site Scripting (1.8.8)
Artifactory Incorrect Authorization Vulnerability (CVE-2021-45730)
Liferay Portal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-35030)
WordPress Plugin Gravity Forms Arbitrary File Upload (1.8.19)