Vulnerabilities > CVE-2006-2831 - Input Validation vulnerability in Drupal
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 11 |
Nessus
| NASL family | Debian Local Security Checks |
| NASL id | DEBIAN_DSA-1125.NASL |
| description | The Drupal update in DSA 1125 contained a regression. This update corrects this flaw. For completeness, the original advisory text below : Several remote vulnerabilities have been discovered in the Drupal website platform, which may lead to the execution of arbitrary web script. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-2742 A SQL injection vulnerability has been discovered in the |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 22667 |
| published | 2006-10-14 |
| reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/22667 |
| title | Debian DSA-1125-2 : drupal - several vulnerabilities |
References
- http://drupal.org/files/sa-2006-007/advisory.txt
- http://drupal.org/node/66763
- http://secunia.com/advisories/21244
- http://securityreason.com/securityalert/1042
- http://www.debian.org/security/2006/dsa-1125
- http://www.securityfocus.com/archive/1/435792/100/0/threaded
- http://www.securityfocus.com/bid/18245