Lucene search

[email protected]CVE-2006-7109

HistoryMar 05, 2007 - 8:19 p.m.

CVE-2006-7109

2007-03-0520:19:00

[email protected]

web.nvd.nist.gov

cve-2006-7109

imce

drupal

file upload

vulnerability

php

nvd

6.7 Medium

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

71.4%

JSON

Unrestricted file upload vulnerability in IMCE before 1.6, a Drupal module, allows remote authenticated users to upload arbitrary PHP code via a filename with a double extension such as .php.gif.

Affected configurations

NVD

Node

drupalimce_moduleRange≤1.5

CPENameOperatorVersion
drupal:imce_moduledrupal imce modulele1.5

CPE	Name	Operator	Version
drupal:imce_module	drupal imce module	le	1.5

References

drupal.org/node/87101

secunia.com/advisories/22261

www.vupen.com/english/advisories/2006/3892

exchange.xforce.ibmcloud.com/vulnerabilities/29325

6.7 Medium

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

71.4%

JSON

Related for CVE-2006-7109

cvelist1 nvd1 hackerone1