6.4
CVE-2008-0569
- EPSS 2.54%
- Veröffentlicht 05.02.2008 02:00:00
- Zuletzt bearbeitet 16.06.2026 22:49:53
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The Comment Upload 4.7.x before 4.7.x-0.1 and 5.x before 5.x-0.1 module for Drupal does not properly use functions in the upload module, which allows remote attackers to bypass upload validation, and upload arbitrary files and possibly execute arbitrary code, via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Drupal ≫ Comment Upload Module Version4.7
Drupal ≫ Comment Upload Module Version5.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.54% | 0.83 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.4 | 10 | 4.9 |
AV:N/AC:L/Au:N/C:P/I:P/A:N
|
http://drupal.org/node/216024
http://drupal.org/node/216035
http://drupal.org/node/216036
http://secunia.com/advisories/28729
http://www.securityfocus.com/bid/27544
http://www.vupen.com/english/advisories/2008/0374/references