Directory Traversal Vulnerability in IMCE Module for Drupal
CVE-2006-7110

Currently unrated

Key Information:

Vendor: Drupal
Status: Imce Module
Vendor: CVE Published:; 5 March 2007

Summary

The IMCE module for Drupal prior to version 1.6 contains a directory traversal vulnerability in its delete function. This flaw enables remote authenticated users to exploit the module by manipulating file paths, specifically through the use of '..' sequences. As a result, these users can delete arbitrary files on the server, potentially leading to significant data loss or further exploits. It is crucial for database administrators and developers using this module to apply the necessary updates to safeguard against unauthorized file manipulation.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/29324

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/20312

vdb-entryx_refsource_BID

http://drupal.org/node/87101

x_refsource_CONFIRM

Timeline

Vulnerability published
Mar 5, 2007
Vulnerability Reserved
Mar 5, 2007