Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
Max CVSS
7.5
EPSS Score
15.29%
Published
2006-06-06
Updated
2018-10-18
1 vulnerabilities found