Vulnerabilities > CVE-2006-2743 - Unspecified vulnerability in Drupal
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 9 |
Exploit-Db
| description | Drupal <= 4.7 (attachment mod_mime) Remote Exploit. CVE-2006-2743. Webapps exploit for php platform |
| file | exploits/php/webapps/1821.php |
| id | EDB-ID:1821 |
| last seen | 2016-01-31 |
| modified | 2006-05-24 |
| platform | php |
| port | |
| published | 2006-05-24 |
| reporter | rgod |
| source | https://www.exploit-db.com/download/1821/ |
| title | Drupal <= 4.7 attachment mod_mime Remote Exploit |
| type | webapps |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1125.NASL description The Drupal update in DSA 1125 contained a regression. This update corrects this flaw. For completeness, the original advisory text below : Several remote vulnerabilities have been discovered in the Drupal website platform, which may lead to the execution of arbitrary web script. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-2742 A SQL injection vulnerability has been discovered in the last seen 2020-06-01 modified 2020-06-02 plugin id 22667 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22667 title Debian DSA-1125-2 : drupal - several vulnerabilities NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_40A0185FEC3211DABE02000C6EC775D9.NASL description The Drupal team reports : Vulnerability: SQL injection A security vulnerability in the database layer allowed certain queries to be submitted to the database without going through Drupal last seen 2020-06-01 modified 2020-06-02 plugin id 21647 published 2006-06-06 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21647 title FreeBSD : drupal -- multiple vulnerabilities (40a0185f-ec32-11da-be02-000c6ec775d9)
References
- http://drupal.org/node/65409
- http://secunia.com/advisories/20140
- http://www.securityfocus.com/bid/18245
- http://www.debian.org/security/2006/dsa-1125
- http://secunia.com/advisories/21244
- http://www.vupen.com/english/advisories/2006/1975
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26655
- https://www.exploit-db.com/exploits/1821
- http://www.securityfocus.com/archive/1/435794/100/0/threaded