PT-2008-4434 · Drupal · Drupal Aggregation Module

Published

2008-07-03

Updated

2017-08-08

CVE-2008-3001

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Drupal Aggregation module versions prior to 5.x-4.4

Description The issue allows remote attackers to upload files with arbitrary extensions, and possibly execute arbitrary code, via a crafted feed that allows upload of files with arbitrary extensions.

Recommendations For versions prior to 5.x-4.4, update to version 5.x-4.4 or later to resolve the issue.

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2008-3001

Affected Products

Drupal Aggregation Module

PT-2008-4434 · Drupal · Drupal Aggregation Module

CVE-2008-3001

Weakness Enumeration

Related Identifiers

Affected Products

References · 5