Vulnerabilities for 'Drag & drop gallery'

2012-11-30
 
CVE-2012-4479

CWE-89
 

 
SQL injection vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

 
 
CVE-2012-4478

CWE-352
 

 
Cross-site request forgery (CSRF) vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to hijack the authentication of administrators.

 
 
CVE-2012-4477

CWE-264
 

 
Unspecified vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to bypass access restrictions via unknown attack vectors.

 
 
CVE-2012-4476

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

 
 
CVE-2012-4472

CWE-Other
 

 
Unrestricted file upload vulnerability in upload.php in the Drag & Drop Gallery module 6.x-1.5 and earlier for Drupal allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the directory specified by the filedir parameter.

 

Vendor: David alkire (2 products)
Drag & drop gallery
Email2image


Copyright 2024, cxsecurity.com

 
