CVE-2008-3001

Drupal Aggregation Module - Code Injection

Title source: rule

Description

The Aggregation module 5.x before 5.x-4.4 for Drupal allows remote attackers to upload files with arbitrary extensions, and possibly execute arbitrary code, via a crafted feed that allows upload of files with arbitrary extensions.

References (4)

Scores

EPSS 0.0220
EPSS Percentile 84.2%

Classification

CWE
CWE-94
Status draft

Affected Products (8)

drupal/aggregation_module
drupal/aggregation_module
drupal/aggregation_module
drupal/aggregation_module
drupal/aggregation_module
drupal/aggregation_module
drupal/aggregation_module
drupal/aggregation_module

Timeline

Published Jul 03, 2008
Tracked Since Feb 18, 2026