Lucene search

[email protected]CVE-2012-4472

HistoryNov 30, 2012 - 10:55 p.m.

CVE-2012-4472

2012-11-3022:55:01

[email protected]

web.nvd.nist.gov

cve-2012-4472

drupal

security

vulnerability

file upload

php code execution

nvd

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.014 Low

EPSS

Percentile

86.7%

JSON

Unrestricted file upload vulnerability in upload.php in the Drag & Drop Gallery module 6.x-1.5 and earlier for Drupal allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the directory specified by the filedir parameter.

Affected configurations

NVD

Node

david_alkiredrag_\&_drop_galleryRange≤6.x-1.5

AND

drupaldrupalMatch-

CPENameOperatorVersion
david_alkire:drag_\&_drop_gallerydavid alkire drag & drop galleryle6.x-1.5

CPE	Name	Operator	Version
david_alkire:drag_\&_drop_gallery	david alkire drag & drop gallery	le	6.x-1.5

References

drupal.org/node/1679442

secunia.com/advisories/49698

www.opensyscom.fr/Actualites/drupal-modules-drag-a-drop-gallery-arbitrary-file-upload-vulnerability.html

www.openwall.com/lists/oss-security/2012/10/04/5

www.securityfocus.com/bid/54380

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.014 Low

EPSS

Percentile

86.7%

JSON

Related for CVE-2012-4472

cvelist1 nvd1 prion1 drupal1