Описание
Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | DNE | |
| edgy | released | 4.5.8-2 |
| feisty | ignored | end of life, was needed |
| gutsy | DNE | |
| hardy | DNE | |
| intrepid | DNE | |
| jaunty | DNE | |
| karmic | DNE | |
| upstream | needs-triage |
Показывать по
Ссылки на источники
EPSS
5.1 Medium
CVSS2
Связанные уязвимости
Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_m ...
Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
EPSS
5.1 Medium
CVSS2