IMCE for Drupal Delete Function Arbitrary File Deletion

2006-10-02T11:34:12
ID OSVDB:29465
Type osvdb
Reporter OSVDB
Modified 2006-10-02T11:34:12

Description

Solution Description

Upgrade to version 4.7.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific Advisory URL Secunia Advisory ID:22261 Related OSVDB ID: 29466 Keyword: DRUPAL-SA-2006-023 ISS X-Force ID: 29324 FrSIRT Advisory: ADV-2006-3892 CVE-2006-7110 Bugtraq ID: 20312