
CVE-2006-2743

Published: 01/06/2006 Updated: 18/10/2018
CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9
VMScore: 515
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Summary

Drupal 4.6.x prior to 4.6.7, and Drupal 4.7.0, when running on Apache with mod_mime, do not properly handle files with multiple extensions, which allows remote malicious users to upload, modify, or execute arbitrary files in the files directory.

Vulnerable Product

drupal drupal 4.6.3

drupal drupal 4.6.4

drupal drupal 4.6.1

drupal drupal 4.6.2

drupal drupal 4.6.5

drupal drupal 4.6.6

drupal drupal 4.7.0

drupal drupal 4.6

drupal drupal 4.6.0

Vendor Advisories

The Drupal update in DSA 1125 contained a regression. This update corrects this flaw. For completeness, the original advisory text below: Several remote vulnerabilities have been discovered in the Drupal web site platform, which may lead to the execution of arbitrary web script. The Common Vulnerabilities and Exposures project identifies the follow ...

Exploits

#!/usr/bin/php -q -d short_open_tag=on
<?
echo "Drupal <= 47 attachment mod_mime poc exploit\r\n";
echo "by rgod rgod@autisticiorg\r\n";
echo "site: retrogodaltervistaorg\r\n\r\n";
/* this works with a user account with upload rights and with permissions to modify stories, however this is only a poc, you can do the same uploading ...