Vulnerability Name: | CVE-2008-3001 (CCN-43011)
Assigned: | 2008-06-11
Published: | 2008-06-11
Updated: | 2017-08-08
Summary: | The Aggregation module 5.x before 5.x-4.4 for Drupal allows remote attackers to upload files with arbitrary extensions, and possibly execute arbitrary code, via a crafted feed that allows upload of files with arbitrary extensions. Per Hyperlink Record 1026625, Drupal core is not affected. If you do not use the contributed Aggregation module, there is nothing you need to do.
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Vulnerability Type: | CWE-94
Vulnerability Consequences: | Gain Access
References: |
Source: MITRE Type: CNA CVE-2008-3001
Source: CCN Type: DRUPAL-SA-2008-035 Aggregation - Multiple vulnerabilities
Source: CONFIRM Type: Patch http://drupal.org/node/269479
Source: CCN Type: SA30618 Drupal Aggregation Module Multiple Vulnerabilities
Source: SECUNIA Type: Vendor Advisory 30618
Source: CCN Type: OSVDB ID: 46283 Aggregation Module for Drupal Crafted Feed Arbitrary Code Execution
Source: BID Type: UNKNOWN 29677
Source: CCN Type: BID-29677 Drupal Aggregation Module Multiple Vulnerabilities
Source: XF Type: UNKNOWN aggregation-unspecified-file-upload(43011)
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable