CVE-2006-2743

critical

Description

Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.

References

https://www.exploit-db.com/exploits/1821

https://exchange.xforce.ibmcloud.com/vulnerabilities/26655

http://www.vupen.com/english/advisories/2006/1975

http://www.securityfocus.com/bid/18245

http://www.securityfocus.com/archive/1/435794/100/0/threaded

http://www.debian.org/security/2006/dsa-1125

http://secunia.com/advisories/21244

http://secunia.com/advisories/20140

http://drupal.org/node/65409

Details

Source: Mitre, NVD

Published: 2006-06-01

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 5.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

Detections

Analytics