• info
• discussion
• exploit
• solution
• references

Imce Module CVE-2006-7109 File-Upload Vulnerability

Imce Module is prone to a file-upload vulnerability. Unrestricted file upload vulnerability in IMCE before 1.6, a Drupal module, allows remote authenticated users to upload arbitrary PHP code via a filename with a double extension such as .php.gif.