CVE-2005-2106

Drupal <4.5.4-4.6.2 - RCE

Title source: llm

Description

Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1 allows remote attackers to execute arbitrary PHP code via a public comment or posting.

Exploits (1)

exploitdb WORKING POC VERIFIED

by dab · perlwebappsphp

https://www.exploit-db.com/exploits/1088

View Code ZIP pw:eip

References (5)

[Patch, Vendor Advisory] http://secunia.com/advisories/15872

[Mailing List] http://marc.info/?l=bugtraq&m=112015287827452&w=2

[Various Sources] http://www.drupal.org/security/drupal-sa-2005-002/advisory.txt

[Third Party Advisory] http://www.debian.org/security/2005/dsa-745

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/14110

Scores

EPSS 0.0524

EPSS Percentile 90.0%

Details

Status published

Products (6)

drupal/drupal 4.5.0

drupal/drupal 4.5.1

drupal/drupal 4.5.2

drupal/drupal 4.5.3

drupal/drupal 4.6.0

drupal/drupal 4.6.1

Published Jul 05, 2005

Tracked Since Feb 18, 2026