Unrestricted file upload vulnerability in IMCE before 1.6, a Drupal module, allows remote authenticated users to upload arbitrary PHP code via a filename with a double extension such as .php.gif.
Affected Software
Name |
Vendor |
Start Version |
End Version |
Imce_module |
Drupal |
* |
1.5 (including) |
References