6.4

CVE-2008-0569

EPSS 1.06%
Veröffentlicht 05.02.2008 02:00:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The Comment Upload 4.7.x before 4.7.x-0.1 and 5.x before 5.x-0.1 module for Drupal does not properly use functions in the upload module, which allows remote attackers to bypass upload validation, and upload arbitrary files and possibly execute arbitrary code, via unspecified vectors.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Drupal ≫ Comment Upload Module Version4.7

Drupal ≫ Comment Upload Module Version5.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.06%	0.756

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N

http://drupal.org/node/216024

http://drupal.org/node/216035

http://drupal.org/node/216036

http://secunia.com/advisories/28729

Vendor Advisory

http://www.securityfocus.com/bid/27544

http://www.vupen.com/english/advisories/2008/0374/references

https://nvd.nist.gov/vuln/detail/CVE-2008-0569

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-0569

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-0569

EUVD