CVE-2008-2998
- EPSS 1.03%
- Veröffentlicht 03.07.2008 18:41:00
- Zuletzt bearbeitet 16.06.2026 22:54:53
Multiple cross-site scripting (XSS) vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-2999
- EPSS 1.06%
- Veröffentlicht 03.07.2008 18:41:00
- Zuletzt bearbeitet 16.06.2026 22:54:54
Multiple SQL injection vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-3000
- EPSS 1.16%
- Veröffentlicht 03.07.2008 18:41:00
- Zuletzt bearbeitet 16.06.2026 22:54:54
The Aggregation module 5.x before 5.x-4.4 for Drupal, when node access modules are used, does not properly implement access control, which allows remote attackers to bypass intended restrictions.
CVE-2008-3001
- EPSS 3.37%
- Veröffentlicht 03.07.2008 18:41:00
- Zuletzt bearbeitet 16.06.2026 22:54:54
The Aggregation module 5.x before 5.x-4.4 for Drupal allows remote attackers to upload files with arbitrary extensions, and possibly execute arbitrary code, via a crafted feed that allows upload of files with arbitrary extensions.