Drupal : Security Vulnerabilities, CVEs, Published In 2008 (Code Execution) CVSS score >= 2
Unrestricted file upload vulnerability in the BlogAPI module in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, which is not validated.
Max CVSS
6.5
EPSS Score
1.44%
Published
2008-08-27
Updated
2017-08-08
The Aggregation module 5.x before 5.x-4.4 for Drupal allows remote attackers to upload files with arbitrary extensions, and possibly execute arbitrary code, via a crafted feed that allows upload of files with arbitrary extensions.
Max CVSS
9.3
EPSS Score
3.73%
Published
2008-07-03
Updated
2017-08-08
The Comment Upload 4.7.x before 4.7.x-0.1 and 5.x before 5.x-0.1 module for Drupal does not properly use functions in the upload module, which allows remote attackers to bypass upload validation, and upload arbitrary files and possibly execute arbitrary code, via unspecified vectors.
Max CVSS
6.4
EPSS Score
2.11%
Published
2008-02-05
Updated
2011-03-08
Unspecified vulnerability in the Fileshare module for Drupal allows remote authenticated users with node-creation privileges to execute arbitrary code via unspecified vectors.
Max CVSS
8.5
EPSS Score
0.37%
Published
2008-01-15
Updated
2017-08-08
Unspecified vulnerability in the Meta Tags (aka Nodewords) 5.x-1.6 module for Drupal, when images are permitted in node bodies, allows remote authenticated users to execute arbitrary code via unspecified vectors involving creation of a node.
Max CVSS
6.8
EPSS Score
3.33%
Published
2008-01-15
Updated
2017-08-08
5 vulnerabilities found