7.5

CVE-2006-2831

EPSS 4.25%
Published 06.06.2006 00:02:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.

Affected products Warnungen 0 Metrics 2 CWE 0 References 10

Data is provided by the National Vulnerability Database (NVD)

Drupal ≫ Drupal Version4.6

Drupal ≫ Drupal Version4.6.0

Drupal ≫ Drupal Version4.6.1

Drupal ≫ Drupal Version4.6.2

Drupal ≫ Drupal Version4.6.3

Drupal ≫ Drupal Version4.6.4

Drupal ≫ Drupal Version4.6.5

Drupal ≫ Drupal Version4.6.6

Drupal ≫ Drupal Version4.6.7

Drupal ≫ Drupal Version4.7.0

Drupal ≫ Drupal Version4.7.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	4.25%	0.877

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://secunia.com/advisories/21244

http://www.debian.org/security/2006/dsa-1125

http://www.securityfocus.com/bid/18245

http://drupal.org/files/sa-2006-007/advisory.txt

Patch

Vendor Advisory

http://drupal.org/node/66763

Patch

http://securityreason.com/securityalert/1042

http://www.securityfocus.com/archive/1/435792/100/0/threaded

https://nvd.nist.gov/vuln/detail/CVE-2006-2831

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-2831

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-2831

EUVD