Unrestricted File Upload Vulnerability in IMCE Module for Drupal
CVE-2006-7109

Currently unrated

Key Information:

Vendor
Drupal
CVE Published:
5 March 2007

Summary

The IMCE module for Drupal prior to version 1.6 is affected by an unrestricted file upload vulnerability. The flaw allows remote authenticated users to upload malicious files by taking advantage of a weakness in the module's file extension handling: a deceptive filename with a double extension, such as .php.gif, is accepted. This vulnerability can be exploited to execute arbitrary PHP code on the server, potentially leading to unauthorized actions or access to sensitive data.
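An added example, not code from IMCE or Drupal: a PHP upload-name check that inspects every dot-separated segment of the filename rather than only the last one, so a name such as .php.gif is rejected, and that stores accepted files under a server-generated name. The extension lists and function names are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical policy lists for this example; not taken from IMCE.
const ALLOWED_FINAL_EXTENSIONS = ['gif', 'jpg', 'jpeg', 'png'];
const EXECUTABLE_EXTENSIONS = ['php', 'php3', 'php4', 'php5', 'phtml', 'phar',
                               'pl', 'py', 'cgi', 'asp', 'jsp', 'sh'];

/** Returns null when the name is acceptable, otherwise the rejection reason. */
function upload_name_rejection_reason(string $clientName): ?string
{
    if ($clientName === '' || strpos($clientName, "\0") !== false) {
        return 'empty name or NUL byte';
    }
    // Discard any client-supplied path and compare case-insensitively.
    $name = strtolower(basename(str_replace('\\', '/', $clientName)));
    $segments = explode('.', $name);
    if (count($segments) < 2 || $segments[0] === '') {
        return 'no extension or hidden file';
    }
    $final = array_pop($segments);
    if (!in_array($final, ALLOWED_FINAL_EXTENSIONS, true)) {
        return "final extension '$final' is not on the allow list";
    }
    array_shift($segments); // drop the base name, leaving only inner extensions
    foreach ($segments as $inner) {
        if (in_array($inner, EXECUTABLE_EXTENSIONS, true)) {
            return "inner extension '$inner' is executable";
        }
    }
    return null;
}

/** Server-generated storage name: random base plus the validated final extension. */
function stored_name(string $clientName): string
{
    $final = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    return bin2hex(random_bytes(16)) . '.' . $final;
}

// Constructed sample filenames.
foreach (['photo.gif', 'shell.php.gif', 'report.v2.png', 'avatar.PHP.GIF', 'notes.php'] as $n) {
    $why = upload_name_rejection_reason($n);
    printf("%-16s %s\n", $n, $why === null ? 'accept as ' . stored_name($n) : "reject: $why");
}
```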

Timeline

  • Vulnerability published

  • Vulnerability Reserved
