Unrated severityNVD Advisory· Published Jun 6, 2006· Updated Jun 16, 2026

CVE-2006-2831

Description

Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Drupal/Drupal12 versions
cpe:2.3:a:drupal:drupal:4.6:*:*:*:*:*:*:*+ 11 more
- cpe:2.3:a:drupal:drupal:4.6:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:4.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:4.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:4.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:4.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:4.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:4.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:4.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:4.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:4.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:4.7.1:*:*:*:*:*:*:*
- (no CPE)range: >= 4.6.0, < 4.6.8 || >= 4.7.0, < 4.7.2

Patches

Vulnerability mechanics

References

drupal.org/files/sa-2006-007/advisory.txtnvdPatchVendor Advisory
drupal.org/node/66763nvdPatch
secunia.com/advisories/21244nvd
securityreason.com/securityalert/1042nvd
www.debian.org/security/2006/dsa-1125nvd
www.securityfocus.com/archive/1/435792/100/0/threadednvd
www.securityfocus.com/bid/18245nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000