CVE-2006-7109

Medium

6.5/10

Summary

Unrestricted file upload vulnerability in IMCE before 1.6, a Drupal module, allows remote authenticated users to upload arbitrary PHP code via a filename with a double extension such as .php.gif.

Access Complexity: LOW
AccessVector: NETWORK
Authentication: SINGLE
Integrity Impact: PARTIAL
Confidentiality Impact: PARTIAL
Availability Impact: PARTIAL

References

Advisory Timeline

Published Mar 05, 2007

CVE-2006-7109

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS