Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.5
CVE Id CVE-2008-3742
Last Modified 07 Mar 2011 10:11:20
Published 27 Aug 2008 11:21:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2008-3742

Summary

Unrestricted file upload vulnerability in the BlogAPI module in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, which is not validated.

Vulnerable Systems

Application

  • Drupal 5.0

  • Drupal 5.1

  • Drupal 5.2

  • Drupal 5.3

  • Drupal 5.4

  • Drupal 5.5

  • Drupal 5.6

  • Drupal 5.7

  • Drupal 5.8

  • Drupal 5.9

  • Drupal 6.0

  • Drupal 6.1

  • Drupal 6.2

  • Drupal 6.3


References

FEDORA - FEDORA-2008-7626

FEDORA - FEDORA-2008-7467

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=459108

XF - drupal-blogapi-file-upload(44447)

VUPEN - ADV-2008-2392

BID - 30689

SECUNIA - 31825

SECUNIA - 31462

CONFIRM - http://drupal.org/node/295053


Last Updated: 27 May 2016 10:48:18