Description

Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.

Remediation

References

CVE-2006-2831

Related Vulnerabilities

Play Framework Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2022-31023)

WordPress Plugin GeoDirectory Location Manager Multiple SQL Injection Vulnerabilities (2.1.0.9)

WordPress Plugin SendPress Newsletters Unspecified Vulnerability (1.7.6.11)

WordPress Plugin Awesome Support-WordPress HelpDesk & Support Cross-Site Scripting (6.0.5)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-1619)

Severity

High

Classification

CVE-2006-2831

Tags

Missing Update Known Vulnerabilities