* Advisory ID: DRUPAL-SA-2006-007
* Project: Drupal core and potentially any web application that accepts uploads.
* Date: 2006-Jun-01
* Security risk: highly critical
* Impact: Drupal core
* Exploitable from: remote
* Vulnerability: Execution of arbitrary files

Подробности: http://drupal.org/node/66763