Description

Unrestricted file upload vulnerability in the BlogAPI module in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, which is not validated.

Remediation

References

CVE-2008-3742

Related Vulnerabilities

SharePoint Other Vulnerability (CVE-2020-1147)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0122)

WordPress Plugin WP-Business Directory (wp-ttisbdir) Multiple Cross-Site Scripting Vulnerabilities (1.0.2)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-12157)

WordPress Plugin Clean Login Unspecified Vulnerability (1.8)

Severity

Medium

Classification

CVE-2008-3742 CWE-264

Tags

Missing Update Known Vulnerabilities