CVE-2006-2743

2006-06-0110:02:00

[email protected]

web.nvd.nist.gov

cve

2006

2743

drupal

apache

mod_mime

file handling

remote attackers

arbitrary files

security vulnerability

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.033 Low

EPSS

Percentile

91.4%

JSON

Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.

Affected configurations

NVD

Node

drupaldrupalMatch4.6

drupaldrupalMatch4.6.0

drupaldrupalMatch4.6.1

drupaldrupalMatch4.6.2

drupaldrupalMatch4.6.3

drupaldrupalMatch4.6.4

drupaldrupalMatch4.6.5

drupaldrupalMatch4.6.6

drupaldrupalMatch4.7.0

CPENameOperatorVersion
drupal:drupaldrupaleq4.6
drupal:drupaldrupaleq4.6.0
drupal:drupaldrupaleq4.6.1
drupal:drupaldrupaleq4.6.2
drupal:drupaldrupaleq4.6.3
drupal:drupaldrupaleq4.6.4
drupal:drupaldrupaleq4.6.5
drupal:drupaldrupaleq4.6.6
drupal:drupaldrupaleq4.7.0

CPE	Name	Operator	Version
drupal:drupal	drupal	eq	4.6
drupal:drupal	drupal	eq	4.6.0
drupal:drupal	drupal	eq	4.6.1
drupal:drupal	drupal	eq	4.6.2
drupal:drupal	drupal	eq	4.6.3
drupal:drupal	drupal	eq	4.6.4
drupal:drupal	drupal	eq	4.6.5
drupal:drupal	drupal	eq	4.6.6
drupal:drupal	drupal	eq	4.7.0