CVE-2006-7109 Information

Description

Unrestricted file upload vulnerability in IMCE before 1.6 a Drupal module allows remote authenticated users to upload arbitrary PHP code via a filename with a double extension such as .php.gif.

Reference

http://drupal.org/node/87101 http://secunia.com/advisories/22261 http://www.vupen.com/english/advisories/2006/3892 https://exchange.xforce.ibmcloud.com/vulnerabilities/29325