CVE-2006-7109

Currently unrated

Key Information:

Vendor: Drupal
Status: Imce Module
Vendor: CVE Published:; 5 March 2007

Summary

Unrestricted file upload vulnerability in IMCE before 1.6, a Drupal module, allows remote authenticated users to upload arbitrary PHP code via a filename with a double extension such as .php.gif.

References

http://drupal.org/node/87101

x_refsource_CONFIRM

http://www.vupen.com/english/advisories/2006/3892

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/22261

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Mar 5, 2007
Vulnerability Reserved
Mar 5, 2007