CVE-2006-2743 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2006-2743
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-2743

Description: Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/26655 SAID Secunia Advisory: SA20140 Secunia Advisory: SA21244 MISC http://www.milw0rm.com/exploits/1821 DEBIAN http://www.debian.org/security/2006/dsa-1125 CONFIRM http://drupal.org/node/65409 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/435794/100/0/threaded BID 18245

Return to the previous page.