CVE-2008-3001

Published: Jul 3, 2008Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

The Aggregation module 5.x before 5.x-4.4 for Drupal allows remote attackers to upload files with arbitrary extensions, and possibly execute arbitrary code, via a crafted feed that allows upload of files with arbitrary extensions.

Affected (8)

Products: Drupal: Aggregation Module

1 product

Aggregation Module

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Drupal Aggregation Module	Version 3.0
Drupal Aggregation Module	Version 3.1
Drupal Aggregation Module	Version 3.2
Drupal Aggregation Module	Version 4.0
Drupal Aggregation Module	Version 4.1
Drupal Aggregation Module	Version 4.2
Drupal Aggregation Module	Version 4.3
Drupal Aggregation Module	Version 5

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (8)

http://drupal.org/node/269479

Source: cve@mitre.org

Patch

http://secunia.com/advisories/30618

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/29677

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/43011

Source: cve@mitre.org

http://drupal.org/node/269479

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://secunia.com/advisories/30618

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/29677

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/43011

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.