Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal upload module vulnerabilities and exploits
(subscribe to this query)
570
VMScore
CVE-2008-0569
The Comment Upload 4.7.x prior to 4.7.x-0.1 and 5.x prior to 5.x-0.1 module for Drupal does not properly use functions in the upload module, which allows remote malicious users to bypass upload validation, and upload arbitrary files and possibly execute arbitrary code, via unspec...
Drupal Comment Upload Module 4.7
Drupal Comment Upload Module 5.0
490
VMScore
CVE-2008-3745
The Upload module in Drupal 6.x prior to 6.4 allows remote authenticated users to edit nodes, delete files, and download unauthorized attachments via unspecified vectors.
Drupal Upload Module
Drupal Drupal 6.1
Drupal Drupal 6.2
Drupal Drupal 6.3
Drupal Drupal 6.0
828
VMScore
CVE-2008-3001
The Aggregation module 5.x prior to 5.x-4.4 for Drupal allows remote malicious users to upload files with arbitrary extensions, and possibly execute arbitrary code, via a crafted feed that allows upload of files with arbitrary extensions.
Drupal Aggregation Module 3.2
Drupal Aggregation Module 4.0
Drupal Aggregation Module 4.3
Drupal Aggregation Module 5
Drupal Aggregation Module 3.0
Drupal Aggregation Module 3.1
Drupal Aggregation Module 4.1
Drupal Aggregation Module 4.2
756
VMScore
CVE-2007-0505
Unrestricted file upload vulnerability in the Project issue tracking 4.7.0 up to and including 5.x prior to 20070123, a module for Drupal, allows remote authenticated users to execute arbitrary code by attaching a file with executable or multiple extensions to a project issue.
Drupal Project 4.7 1.1
Drupal Project 4.7 2.1
Drupal Project 4.6 1.1
Drupal Project 4.7
Drupal Project Issue Tracking Module 5.0
Drupal Project 5.0
Drupal Project Issue Tracking Module 4.7
Drupal Project 4.6
Drupal Project Issue Tracking Module 4.7 1.1
Drupal Project Issue Tracking Module 4.7 2.1
570
VMScore
CVE-2008-0577
The Project Issue Tracking module 5.x-2.x-dev prior to 20080130 in the 5.x-2.x series, 5.x-1.2 and previous versions in the 5.x-1.x series, 4.7.x-2.6 and previous versions in the 4.7.x-2.x series, and 4.7.x-1.6 and previous versions in the 4.7.x-1.x series for Drupal (1) does not...
Drupal Project Issue Tracking Module 4.7
Drupal Project Issue Tracking Module 5.0
578
VMScore
CVE-2006-7109
Unrestricted file upload vulnerability in IMCE prior to 1.6, a Drupal module, allows remote authenticated users to upload arbitrary PHP code via a filename with a double extension such as .php.gif.
Drupal Imce Module
605
VMScore
CVE-2015-4379
Cross-site request forgery (CSRF) vulnerability in the Webform Multiple File Upload module 6.x-1.x prior to 6.x-1.3 and 7.x-1.x prior to 7.x-1.3 for Drupal allows remote malicious users to hijack the authentication of certain users for requests that delete files via unspecified v...
Webform Multiple File Upload Project Webform Multiple File Upload 6.x-1.1
Webform Multiple File Upload Project Webform Multiple File Upload 6.x-1.2
Webform Multiple File Upload Project Webform Multiple File Upload 7.x-1.x
Webform Multiple File Upload Project Webform Multiple File Upload 7.x-1.2
Webform Multiple File Upload Project Webform Multiple File Upload 6.x-1.0
534
VMScore
CVE-2008-4790
The core upload module in Drupal 5.x prior to 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors.
Drupal Drupal 5.5
Drupal Drupal 5.4
Drupal Drupal 5.0
Drupal Drupal 5.3
Drupal Drupal 5.2
Drupal Drupal 5.9
Drupal Drupal 5.8
Drupal Drupal 5.1
Drupal Drupal 5.7
Drupal Drupal 5.6
Drupal Drupal
490
VMScore
CVE-2010-3092
The upload module in Drupal 5.x prior to 5.23 and 6.x prior to 6.18 does not properly support case-insensitive filename handling in a database configuration, which allows remote authenticated users to bypass the intended restrictions on downloading a file by uploading a different...
Drupal Drupal 5.0
Drupal Drupal 5.10
Drupal Drupal 5.11
Drupal Drupal 5.12
Drupal Drupal 5.13
Drupal Drupal 5.14
Drupal Drupal 5.2
Drupal Drupal 5.3
Drupal Drupal 5.4
Drupal Drupal 5.5
Drupal Drupal 5.19
Drupal Drupal 5.20
Drupal Drupal 5.21
Drupal Drupal 5.22
Drupal Drupal 5.1
Drupal Drupal 5.6
Drupal Drupal 5.8
Drupal Drupal 5.15
Drupal Drupal 5.17
Drupal Drupal 5.7
Drupal Drupal 5.9
Drupal Drupal 5.16
578
VMScore
CVE-2008-3742
Unrestricted file upload vulnerability in the BlogAPI module in Drupal 5.x prior to 5.10 and 6.x prior to 6.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, which is not validated.
Drupal Drupal 5.0
Drupal Drupal 5.7
Drupal Drupal 5.8
Drupal Drupal 5.5
Drupal Drupal 5.6
Drupal Drupal 6.3
Drupal Drupal 5.3
Drupal Drupal 5.4
Drupal Drupal 6.1
Drupal Drupal 6.2
Drupal Drupal 5.1
Drupal Drupal 5.2
Drupal Drupal 5.9
Drupal Drupal 6.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »