File Upload Vulnerability in Drupal's Project Issue Tracking Module
CVE-2008-0577

Currently unrated

Key Information:

Vendor: Drupal
Status: Project Issue Tracking Module
Vendor: CVE Published:; 5 February 2008

Summary

The Project Issue Tracking module for Drupal contains vulnerabilities that allow attackers to bypass file extension restrictions in the Upload module. This flaw enables unauthorized file uploads, including the possibility of executing arbitrary scripts. Specifically, the module's failure to restrict file types allows the upload of HTML files, which could lead to potential remote code execution if these malicious files are processed by the server.

References

http://www.vupen.com/english/advisories/2008/0376/references

vdb-entryx_refsource_VUPEN

http://drupal.org/node/216063

x_refsource_CONFIRM

http://secunia.com/advisories/28731

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Feb 5, 2008
Vulnerability Reserved
Feb 4, 2008