CVE-2006-2743

Drupal <4.6.7 & 4.7.0 - RCE

Title source: llm

Description

Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · phpwebappsphp

https://www.exploit-db.com/exploits/1821

View Code ZIP pw:eip

References (9)

[Patch, Vendor Advisory] http://drupal.org/node/65409

[Patch, Vendor Advisory] http://secunia.com/advisories/20140

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/26655

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/435794/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/18245

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/1821

[Third Party Advisory] http://www.debian.org/security/2006/dsa-1125

[Third Party Advisory] http://secunia.com/advisories/21244

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/1975

Scores

EPSS 0.1594

EPSS Percentile 94.8%

Details

Status published

Products (9)

drupal/drupal 4.6

drupal/drupal 4.6.0

drupal/drupal 4.6.1

drupal/drupal 4.6.2

drupal/drupal 4.6.3

drupal/drupal 4.6.4

drupal/drupal 4.6.5

drupal/drupal 4.6.6

drupal/drupal 4.7.0

Published Jun 01, 2006

Tracked Since Feb 18, 2026