CVE-2008-0569
Comment Upload Module for Drupal - Arbitrary File Upload and Possible Remote Code Execution
Title source: llmDescription
The Comment Upload 4.7.x before 4.7.x-0.1 and 5.x before 5.x-0.1 module for Drupal does not properly use functions in the upload module, which allows remote attackers to bypass upload validation, and upload arbitrary files and possibly execute arbitrary code, via unspecified vectors.
References (6)
Core 6
Core References
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0374/references
Various Sources x_refsource_confirm
http://drupal.org/node/216024
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28729
Various Sources x_refsource_confirm
http://drupal.org/node/216036
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/27544
Various Sources x_refsource_confirm
http://drupal.org/node/216035
Scores
EPSS
0.0113
EPSS Percentile
78.6%
Details
CWE
CWE-264
Status
published
Products (2)
drupal/comment_upload_module
4.7
drupal/comment_upload_module
5.0
Published
Feb 05, 2008
Tracked Since
Feb 18, 2026