Info

Last Modified

7 months ago

Percent Complete

55%

Disclosure

Jan 30, 2008

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

This Entry needs help! It is only 55% Complete. Click the edit link above to add more information.

Contributing is fast and easy, and benefits the entire security community.

Description

(Description Provided by CVE) : The Comment Upload 4.7.x before 4.7.x-0.1 and 5.x before 5.x-0.1 module for Drupal does not properly use functions in the upload module, which allows remote attackers to bypass upload validation, and upload arbitrary files and possibly execute arbitrary code, via unspecified vectors.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Disclosure: Vendor Verified

Technical

Successful exploitation requires "upload files" permissions.

Solution

Upgrade to version 4.7.x-0.1 or 5.x-0.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Unknown or Incomplete

References

Bugtraq ID: 27544
Vendor Specific News/Changelog Entry: http://drupal.org/node/216024
ISS X-Force ID: 40110
Secunia Advisory ID: 28729
CVE ID: 2008-0569 (see also: NVD)

Credit

webernet -

Blogs

Provided by Technorati

2008/02/05 18:29:25 | CVE-2008-0569 (Comment Upload Module)

from: HeapOverflow Computer Security Community & Forums : Heap Overflow.com

The Comment Upload 4.7.x before 4.7.x-0.1 and 5.x before 5.x-0.1 module for Drupal does not properly use functions in the upload module, which allows remote attackers to bypass upload validation, and upload arbitrary files and possibly execute arbitrary code, via unspecified vectors. More...

2008/02/05 18:45:50 | CVE-2008-0569 (Comment Upload Module)

from: Badware Watch

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches