CVE-2006-2743

Published Jun 1, 2006

Last updated 6 years ago

Overview

Description: Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 5.1
Impact score: 6.4
Exploitability score: 4.9
Vector string: AV:N/AC:H/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Evaluator

Comment: -
Impact: -
Solution: -

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:drupal:drupal:4.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46D3F002-92E8-4CBB-8A1D-F8BCD2F782E4"
          },
          {
            "criteria": "cpe:2.3:a:drupal:drupal:4.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95DA206C-EF72-4379-9ED8-795FCAD0BE19"
          },
          {
            "criteria": "cpe:2.3:a:drupal:drupal:4.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC5ACB7E-0CEB-4417-839A-8B06615FC981"
          },
          {
            "criteria": "cpe:2.3:a:drupal:drupal:4.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "35BD7D35-AA9D-4589-A6BC-6D34219B7128"
          },
          {
            "criteria": "cpe:2.3:a:drupal:drupal:4.6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "611B9D43-CE88-4451-A27C-7F6F24016B4F"
          },
          {
            "criteria": "cpe:2.3:a:drupal:drupal:4.6.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD1A7208-6273-4CC6-AB7B-DA855EEF2729"
          },
          {
            "criteria": "cpe:2.3:a:drupal:drupal:4.6.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83457EB5-BA6B-4ECB-8CB2-A10989B3A9F9"
          },
          {
            "criteria": "cpe:2.3:a:drupal:drupal:4.6.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49A92C9C-18DD-4FF7-A95D-72EE72C83C0E"
          },
          {
            "criteria": "cpe:2.3:a:drupal:drupal:4.7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "94D0FD99-066F-4161-9524-01DD01F31527"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Evaluator

Configurations

References