CVE-2006-2831
Drupal 4.6.x < 4.6.8 and 4.7.x < 4.7.2 - Remote Code Execution via Multiple Extension File Upload
Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
References (7)
Core References
http://drupal.org/node/66763 (Patch; x_refsource_confirm)
http://www.securityfocus.com/bid/18245 (Third Party Advisory, VDB Entry; vdb-entry, x_refsource_bid)
http://www.securityfocus.com/archive/1/435792/100/0/threaded (Third Party Advisory, VDB Entry; mailing-list, x_refsource_bugtraq)
http://www.debian.org/security/2006/dsa-1125 (Third Party Advisory; vendor-advisory, x_refsource_debian)
http://secunia.com/advisories/21244 (Third Party Advisory; third-party-advisory, x_refsource_secunia)
http://securityreason.com/securityalert/1042 (Third Party Advisory; third-party-advisory, x_refsource_sreason)
http://drupal.org/files/sa-2006-007/advisory.txt (Patch, Vendor Advisory; x_refsource_confirm)
Scores
EPSS: 0.0210
EPSS Percentile: 84.3%
Details
Status: published
Products (11)
drupal/drupal: 4.6, 4.6.0, 4.6.1, 4.6.2, 4.6.3, 4.6.4, 4.6.5, 4.6.6, 4.6.7, 4.7.0, ... and 1 more
Published: Jun 06, 2006
Tracked Since: Feb 18, 2026