Drupal BlogAPI Remote Code Execution Exploit

The BlogAPI module does not validate the extension of files that it is used to upload, enabling users with the "administer content with blog api" permission to upload harmful files. This module uploads an IMPACT agent, creates a php file to execute the agent and then makes a request to the file. The result is an IMPACT agent running on the webserver.
Exploit type: 
Platform: 
Vulnerabilty ID: 
CVE-2008-4792
Product Version: 
8.0
Released Date: 
Monday, June 29, 2009 - 00:00