Lucene search

[email protected]CVE-2008-0569

HistoryFeb 05, 2008 - 2:00 a.m.

CVE-2008-0569

2008-02-0502:00:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2008-0569

comment upload

drupal

upload validation

arbitrary code

remote attack

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

7.5 High

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

88.8%

JSON

The Comment Upload 4.7.x before 4.7.x-0.1 and 5.x before 5.x-0.1 module for Drupal does not properly use functions in the upload module, which allows remote attackers to bypass upload validation, and upload arbitrary files and possibly execute arbitrary code, via unspecified vectors.

Affected configurations

NVD

Node

drupalcomment_upload_moduleMatch4.7

drupalcomment_upload_moduleMatch5.0

CPENameOperatorVersion
drupal:comment_upload_moduledrupal comment upload moduleeq4.7
drupal:comment_upload_moduledrupal comment upload moduleeq5.0

CPE	Name	Operator	Version
drupal:comment_upload_module	drupal comment upload module	eq	4.7
drupal:comment_upload_module	drupal comment upload module	eq	5.0

References

drupal.org/node/216024

drupal.org/node/216035

drupal.org/node/216036

secunia.com/advisories/28729

www.securityfocus.com/bid/27544

www.vupen.com/english/advisories/2008/0374/references

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

7.5 High

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

88.8%

JSON

Related for CVE-2008-0569

prion1 nvd1 cvelist1