Description
Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
Remediation
References
Related Vulnerabilities
MongoDb Other Vulnerability (CVE-2020-7928)
IBM WebSEAL Session Fixation Vulnerability (CVE-2018-1804)
XWiki Uncontrolled Resource Consumption Vulnerability (CVE-2024-21651)
WordPress Plugin White Label CMS Cross-Site Request Forgery (1.5)
Oracle Application Server CVE-2009-1009 Vulnerability (CVE-2009-1009)