QwikSec

Security Database

CVE

CWE

Training

CVE-2012-4472

Published: Nov 30, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

Unrestricted file upload vulnerability in upload.php in the Drag & Drop Gallery module 6.x-1.5 and earlier for Drupal allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the directory specified by the filedir parameter.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.opensyscom.fr/Actualites/drupal-modules-drag-a-drop-gallery-arbitrary-file-upload-vulnerability.html

x_refsource_MISC

vdb-entry

x_refsource_BID

[oss-security] 20121003 Re: CVE Request for Drupal Contributed Modules

mailing-list

x_refsource_MLIST

third-party-advisory

x_refsource_SECUNIA

http://drupal.org/node/1679442

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.