Drupal : Security Vulnerabilities, CVEs, Published In 2008 CVSS score >= 9
The Aggregation module 5.x before 5.x-4.4 for Drupal allows remote attackers to upload files with arbitrary extensions, and possibly execute arbitrary code, via a crafted feed that allows upload of files with arbitrary extensions.
Max CVSS
9.3
EPSS Score
3.73%
Published
2008-07-03
Updated
2017-08-08
Unspecified vulnerability in the Header Image Module before 5.x-1.1 for Drupal allows remote attackers to access the administration pages via unknown attack vectors.
Max CVSS
10.0
EPSS Score
1.15%
Published
2008-02-19
Updated
2017-08-08
Unspecified vulnerability in the IP-authentication feature in the Secure Site 5.x-1.0 and 4.7.x-1.0 module for Drupal allows remote attackers to gain the privileges of a user who has authenticated from behind the same proxy server as the attacker.
Max CVSS
10.0
EPSS Score
0.79%
Published
2008-02-05
Updated
2011-03-08
3 vulnerabilities found