Description
Unrestricted file upload vulnerability in the BlogAPI module in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, which is not validated.
Remediation
References
Related Vulnerabilities
WordPress Plugin Hellodialog Unspecified Vulnerability (1.0.2)
WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Cross-Site Scripting (1.5.75)
Jenkins Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-1806)
Jenkins Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-20612)