VYPR

Aggregation Module

by Drupal

CVEs (4)

  • CVE-2008-2999Jul 3, 2008
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2008-3000Jul 3, 2008
    risk 0.00cvss epss 0.01

    The Aggregation module 5.x before 5.x-4.4 for Drupal, when node access modules are used, does not properly implement access control, which allows remote attackers to bypass intended restrictions.

  • CVE-2008-2998Jul 3, 2008
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-3001Jul 3, 2008
    risk 0.00cvss epss 0.03

    The Aggregation module 5.x before 5.x-4.4 for Drupal allows remote attackers to upload files with arbitrary extensions, and possibly execute arbitrary code, via a crafted feed that allows upload of files with arbitrary extensions.