VYPR

IMCE

by Drupal

CVEs (2)

  • CVE-2006-7109Mar 5, 2007
    risk 0.00cvss epss 0.01

    Unrestricted file upload vulnerability in IMCE before 1.6, a Drupal module, allows remote authenticated users to upload arbitrary PHP code via a filename with a double extension such as .php.gif.

  • CVE-2006-7110Mar 5, 2007
    risk 0.00cvss epss 0.01

    Directory traversal vulnerability in the delete function in IMCE before 1.6, a Drupal module, allows remote authenticated users to delete arbitrary files via ".." sequences.