Unrestricted File Upload Vulnerability in IMCE Module for Drupal
CVE-2006-7109

Currently unrated

Key Information:

Vendor

Drupal
Status
Imce Module
Vendor
CVE Published:
5 March 2007

What is CVE-2006-7109?

The IMCE module for Drupal prior to version 1.6 is affected by an unrestricted file upload vulnerability. This flaw allows remote authenticated users to upload malicious files by taking advantage of a weakness in the file extension handling mechanism, where they can use deceptive filenames with double extensions, such as .php.gif. This vulnerability can be exploited to execute arbitrary PHP code on the server, potentially leading to unauthorized actions or access to sensitive data.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://drupal.org/node/87101
x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2006/3892
vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/22261
third-party-advisoryx_refsource_SECUNIA

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.