CVE Vulnerability

CVE-2008-0569

The Comment Upload 4.7.x before 4.7.x-0.1 and 5.x before 5.x-0.1 module for Drupal does not properly use functions in the upload module, which allows remote attackers to bypass upload validation, and upload arbitrary files and possibly execute arbitrary code, via unspecified vectors.

6.4 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 4.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://drupal.org/node/216024
http://secunia.com/advisories/28729 Vendor Advisory
http://drupal.org/node/216035
http://drupal.org/node/216036
http://www.securityfocus.com/bid/27544
http://www.vupen.com/english/advisories/2008/0374/references
Configurations

Configuration 1

cpe:2.3:a:drupal:comment_upload_module:4.7:*:*:*:*:*:*:*
cpe:2.3:a:drupal:comment_upload_module:5.0:*:*:*:*:*:*:*
Information

Published : 2008-02-05 02:00

Updated : 2011-03-08 03:04

NVD link : CVE-2008-0569

Mitre link : CVE-2008-0569

Products Affected

Comment Upload Module

Drupal

CWE
CWE-264