CVE-2012-4472

Unrestricted file upload vulnerability in upload.php in the Drag & Drop Gallery module 6.x-1.5 and earlier for Drupal allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the directory specified by the filedir parameter.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:david_alkire:drag_\&_drop_gallery:*:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2012-11-30 22:55

Updated : 2024-02-28 12:00


NVD link : CVE-2012-4472

Mitre link : CVE-2012-4472

CVE.ORG link : CVE-2012-4472


JSON object : View

Products Affected

david_alkire

  • drag_\&_drop_gallery

drupal

  • drupal