CVE

Id
57715  
CVE No.
CVE-2012-4472  
Status
Candidate  
Description
Unrestricted file upload vulnerability in upload.php in the Drag & Drop Gallery module 6.x-1.5 and earlier for Drupal allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the directory specified by the filedir parameter.  
Phase
Assigned (20120821)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
595078 57715 CVE-2012-4472 MLIST:[oss-security] 20121003 Re: CVE Request for Drupal Contributed Modules  View
595079 57715 CVE-2012-4472 URL:http://www.openwall.com/lists/oss-security/2012/10/04/5  View
595080 57715 CVE-2012-4472 MISC:http://drupal.org/node/1679442  View
595081 57715 CVE-2012-4472 MISC:http://www.opensyscom.fr/Actualites/drupal-modules-drag-a-drop-gallery-arbitrary-file-upload-vulnerability.html  View
595082 57715 CVE-2012-4472 BID:54380  View
595083 57715 CVE-2012-4472 URL:http://www.securityfocus.com/bid/54380  View
595084 57715 CVE-2012-4472 SECUNIA:49698  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
29904 JVNDB-2012-005611 Drupal 用 Drag & Drop Gallery モジュールにおけるアクセス制限を回避される脆弱性 Drupal 用 Drag & Drop Gallery モジュールには、アクセス制限を回避される脆弱性が存在します。 CVE-2012-4477 57715 5 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005611.html  View