CVE-2008-0577

EPSS 0.25%
Veröffentlicht 05.02.2008 02:00:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The Project Issue Tracking module 5.x-2.x-dev before 20080130 in the 5.x-2.x series, 5.x-1.2 and earlier in the 5.x-1.x series, 4.7.x-2.6 and earlier in the 4.7.x-2.x series, and 4.7.x-1.6 and earlier in the 4.7.x-1.x series for Drupal (1) does not restrict the extensions of attached files when the Upload module is enabled for issue nodes, which allows remote attackers to upload and possibly execute arbitrary files; and (2) accepts the .html extension within the bundled file-upload functionality, which allows remote attackers to upload files containing arbitrary web script or HTML.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Drupal ≫ Project Issue Tracking Module Version4.7

Drupal ≫ Project Issue Tracking Module Version5.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.25%	0.457

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N

http://secunia.com/advisories/28731

Vendor Advisory

http://www.vupen.com/english/advisories/2008/0376/references

http://drupal.org/node/216063

https://nvd.nist.gov/vuln/detail/CVE-2008-0577

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-0577

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-0577

EUVD