5.1

CVE-2006-2743

Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DrupalDrupal Version4.6
DrupalDrupal Version4.6.0
DrupalDrupal Version4.6.1
DrupalDrupal Version4.6.2
DrupalDrupal Version4.6.3
DrupalDrupal Version4.6.4
DrupalDrupal Version4.6.5
DrupalDrupal Version4.6.6
DrupalDrupal Version4.7.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 11.12% 0.954
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.1 4.9 6.4
AV:N/AC:H/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/20140
Patch
Vendor Advisory
http://secunia.com/advisories/21244
http://www.debian.org/security/2006/dsa-1125
http://www.securityfocus.com/bid/18245
http://www.vupen.com/english/advisories/2006/1975
http://drupal.org/node/65409
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/435794/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/26655
https://www.exploit-db.com/exploits/1821