CVE-2006-2743

Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with modmime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory...