Description

Unrestricted file upload vulnerability in the BlogAPI module in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, which is not validated.

Remediation

References

CVE-2008-3742

Related Vulnerabilities

e107 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-2750)

MySQL CVE-2016-0647 Vulnerability (CVE-2016-0647)

MySQL CVE-2018-3170 Vulnerability (CVE-2018-3170)

PrestaShop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-6503)

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Cross-Site Scripting (3.4.22.1)

Severity

Medium

Classification

CVE-2008-3742 CWE-264

Tags

Missing Update Known Vulnerabilities