Drupal BlogAPI Remote Execution Exploit Update 3

The BlogAPI module does not validate the extension of files that it is used to upload, enabling users with the "administer content with blog api" permission to upload harmful files. This module uploads an IMPACT agent, creates a php file to execute the agent and then makes a request to the file. The result is an IMPACT agent running on the webserver. This update adds support for Solaris platforms.
Exploit type: 
Platform: 
Vulnerabilty ID: 
CVE-2008-4792
Product Version: 
10.5
Released Date: 
Friday, October 22, 2010 - 00:00