CVE-2006-7109

Description

Unrestricted file upload vulnerability in IMCE before 1.6, a Drupal module, allows remote authenticated users to upload arbitrary PHP code via a filename with a double extension such as .php.gif.

Affected products

• Drupal / imce_module1.5

References

• MISChttp://drupal.org/node/87101
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2006/3892
• VENDOR_ADVISORYhttp://secunia.com/advisories/22261
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/29325