Vulnerability Description
Unrestricted file upload vulnerability in the BlogAPI module in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, which is not validated.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Drupal | Drupal | 5.0 |
Related Weaknesses (CWE)
References
- http://drupal.org/node/295053
- http://secunia.com/advisories/31462
- http://secunia.com/advisories/31825
- http://www.securityfocus.com/bid/30689
- http://www.vupen.com/english/advisories/2008/2392
- https://bugzilla.redhat.com/show_bug.cgi?id=459108
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44447
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00259.
- https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00508.
- http://drupal.org/node/295053
- http://secunia.com/advisories/31462
- http://secunia.com/advisories/31825
- http://www.securityfocus.com/bid/30689
- http://www.vupen.com/english/advisories/2008/2392
- https://bugzilla.redhat.com/show_bug.cgi?id=459108
FAQ
What is CVE-2008-3742?
CVE-2008-3742 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Unrestricted file upload vulnerability in the BlogAPI module in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote authenticated users to execute arbitrary code by uploading a file with an execut...
How severe is CVE-2008-3742?
CVE-2008-3742 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-3742?
Check the references section above for vendor advisories and patch information. Affected products include: Drupal Drupal.