CVE-2006-7110

Description

Directory traversal vulnerability in the delete function in IMCE before 1.6, a Drupal module, allows remote authenticated users to delete arbitrary files via ".." sequences.

Affected products

• Drupal / imce_module1.5

References

• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/29324
• MISChttp://www.securityfocus.com/bid/20312
• MISChttp://drupal.org/node/87101
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2006/3892
• VENDOR_ADVISORYhttp://secunia.com/advisories/22261