Vulnerabilities

CVE-2012-4472

by Fred · 30/11/2012

Unrestricted file upload vulnerability in upload.php in the Drag & Drop Gallery module 6.x-1.5 and earlier for Drupal allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the directory specified by the filedir parameter.

Date published : 2012-11-30

http://www.securityfocus.com/bid/54380

http://drupal.org/node/1679442

Similar

Tags: Cybersecurity Alert