File Upload Vulnerability in Aggregation Module for Drupal
CVE-2008-3001

Currently unrated

Key Information:

Vendor: Drupal
Status: Aggregation Module
Vendor: CVE Published:; 3 July 2008

Summary

The Aggregation module for Drupal versions prior to 5.x-4.4 is susceptible to a file upload vulnerability that allows remote attackers to upload files with arbitrary extensions. This exploitation can potentially lead to the execution of arbitrary code on the server, thereby posing significant security risks. The issue arises from the module's handling of crafted feeds, which do not adequately validate file types before processing uploads. This flaw emphasizes the need for robust validation mechanisms to protect against unauthorized actions on web platforms.

References

http://drupal.org/node/269479

x_refsource_CONFIRM

http://www.securityfocus.com/bid/29677

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/43011

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Jul 3, 2008
Vulnerability Reserved
Jul 3, 2008