Detections
Analytics

CVE-2006-2831

critical

Description

Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.

References

http://www.securityfocus.com/bid/18245

http://www.securityfocus.com/archive/1/435792/100/0/threaded

http://www.debian.org/security/2006/dsa-1125

http://securityreason.com/securityalert/1042

http://secunia.com/advisories/21244

http://drupal.org/node/66763

http://drupal.org/files/sa-2006-007/advisory.txt

Details

Source: Mitre, NVD

Published: 2006-06-06

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical