Vulnerabilities > Drupal > Imce Module > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-03-05 | CVE-2006-7110 | Unspecified vulnerability in Drupal Imce Module Directory traversal vulnerability in the delete function in IMCE before 1.6, a Drupal module, allows remote authenticated users to delete arbitrary files via ".." sequences. | 5.5 |
2007-03-05 | CVE-2006-7109 | File-Upload vulnerability in Imce Module Unrestricted file upload vulnerability in IMCE before 1.6, a Drupal module, allows remote authenticated users to upload arbitrary PHP code via a filename with a double extension such as .php.gif. | 6.5 |