CVE-2008-3742 | SynScan

Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2008-3742

Unrestricted file upload vulnerability in the BlogAPI module in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, which is not validated.

Published: Aug 27, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-3742
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
drupal / drupal	5.4	5.4.x
drupal / drupal	6.2	6.2.x
drupal / drupal	5.2	5.2.x
drupal / drupal	5.7	5.7.x
drupal / drupal	5.0	5.0.x
drupal / drupal	6.1	6.1.x
drupal / drupal	5.6	5.6.x
drupal / drupal	5.1	5.1.x
drupal / drupal	5.5	5.5.x
drupal / drupal	6.0	6.0.x
drupal / drupal	5.9	5.9.x
drupal / drupal	5.8	5.8.x
drupal / drupal	5.3	5.3.x
drupal / drupal	6.3	6.3.x