Описание
Unrestricted file upload vulnerability in the BlogAPI module in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, which is not validated.
Unrestricted file upload vulnerability in the BlogAPI module in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, which is not validated.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2008-3742
- https://bugzilla.redhat.com/show_bug.cgi?id=459108
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44447
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00259.html
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00508.html
- http://drupal.org/node/295053
- http://secunia.com/advisories/31462
- http://secunia.com/advisories/31825
- http://www.securityfocus.com/bid/30689
- http://www.vupen.com/english/advisories/2008/2392
EPSS
CVE ID
Связанные уязвимости
Unrestricted file upload vulnerability in the BlogAPI module in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, which is not validated.
Unrestricted file upload vulnerability in the BlogAPI module in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, which is not validated.
Unrestricted file upload vulnerability in the BlogAPI module in Drupal ...
EPSS