Vulnerabilities > CVE-2006-2832 - Input Validation vulnerability in Drupal
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Cross-site scripting (XSS) vulnerability in the upload module (upload.module) in Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via the uploaded filename.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 11 |
Nessus
| NASL family | Debian Local Security Checks |
| NASL id | DEBIAN_DSA-1125.NASL |
| description | The Drupal update in DSA 1125 contained a regression. This update corrects this flaw. For completeness, the original advisory text below : Several remote vulnerabilities have been discovered in the Drupal website platform, which may lead to the execution of arbitrary web script. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-2742 A SQL injection vulnerability has been discovered in the |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 22667 |
| published | 2006-10-14 |
| reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/22667 |
| title | Debian DSA-1125-2 : drupal - several vulnerabilities |
References
- http://drupal.org/files/sa-2006-007/advisory.txt
- http://drupal.org/node/66763
- http://secunia.com/advisories/21244
- http://securityreason.com/securityalert/1042
- http://www.debian.org/security/2006/dsa-1125
- http://www.securityfocus.com/archive/1/435792/100/0/threaded
- http://www.securityfocus.com/bid/18245