Vulnerabilities > Drupal > Imce Module > Medium

DATE CVE VULNERABILITY TITLE RISK
2007-03-05 CVE-2006-7110 Unspecified vulnerability in Drupal Imce Module
Directory traversal vulnerability in the delete function in IMCE before 1.6, a Drupal module, allows remote authenticated users to delete arbitrary files via ".." sequences.
network
low complexity
drupal
5.5
2007-03-05 CVE-2006-7109 File-Upload vulnerability in Imce Module
Unrestricted file upload vulnerability in IMCE before 1.6, a Drupal module, allows remote authenticated users to upload arbitrary PHP code via a filename with a double extension such as .php.gif.
network
low complexity
drupal
6.5