Description

Unrestricted file upload vulnerability in the BlogAPI module in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, which is not validated.

Remediation

References

CVE-2008-3742

Related Vulnerabilities

WordPress Plugin 404 to 301-Redirect, Log and Notify 404 Errors Security Bypass (3.0.1)

XWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2022-41934)

Joomla URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-24598)

WordPress Plugin Online Hotel Booking System Pro SQL Injection (1.0)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-0046)

Severity

Medium

Classification

CVE-2008-3742 CWE-264

Tags

Missing Update Known Vulnerabilities