Unrated severityNVD Advisory· Published Jun 1, 2006· Updated Jun 16, 2026
CVE-2006-2743
CVE-2006-2743
Description
Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
10cpe:2.3:a:drupal:drupal:4.6:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:drupal:drupal:4.6:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:4.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:4.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:4.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:4.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:4.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:4.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:4.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:4.7.0:*:*:*:*:*:*:*
- (no CPE)range: >=4.6.0, <4.6.7; =4.7.0
Patches
Vulnerability mechanics
References
9- drupal.org/node/65409nvdPatchVendor Advisory
- secunia.com/advisories/20140nvdPatchVendor Advisory
- secunia.com/advisories/21244nvd
- www.debian.org/security/2006/dsa-1125nvd
- www.securityfocus.com/archive/1/435794/100/0/threadednvd
- www.securityfocus.com/bid/18245nvd
- www.vupen.com/english/advisories/2006/1975nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/26655nvd
- www.exploit-db.com/exploits/1821nvd
News mentions
0No linked articles in our index yet.