VYPR

BlogAPI

by Drupal

CVEs (2)

  • CVE-2008-4792Oct 29, 2008
    risk 0.00cvss epss 0.01

    The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values.

  • CVE-2008-3742Aug 27, 2008
    risk 0.00cvss epss 0.03

    Unrestricted file upload vulnerability in the BlogAPI module in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, which is not validated.