6.5

CVE-2008-3742

Unrestricted file upload vulnerability in the BlogAPI module in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, which is not validated.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DrupalDrupal Version5.0
DrupalDrupal Version5.1
DrupalDrupal Version5.2
DrupalDrupal Version5.3
DrupalDrupal Version5.4
DrupalDrupal Version5.5
DrupalDrupal Version5.6
DrupalDrupal Version5.7
DrupalDrupal Version5.8
DrupalDrupal Version5.9
DrupalDrupal Version6.0
DrupalDrupal Version6.1
DrupalDrupal Version6.2
DrupalDrupal Version6.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.54% 0.83
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 8 6.4
AV:N/AC:L/Au:S/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://drupal.org/node/295053
http://secunia.com/advisories/31462
http://secunia.com/advisories/31825
http://www.securityfocus.com/bid/30689
http://www.vupen.com/english/advisories/2008/2392
https://bugzilla.redhat.com/show_bug.cgi?id=459108
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00259.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00508.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/44447