
U-199: Drupal Drag & Drop Gallery Module Arbitrary File Upload Vulnerability

June 26, 2012 - 7:00am


PROBLEM:

A vulnerability has been reported in the Drag & Drop Gallery module for Drupal, which can be exploited by malicious people to compromise a vulnerable system.

PLATFORM:

Drupal Drag & Drop Gallery Module 6.x

ABSTRACT:

The vulnerability is caused by the sites/all/modules/dragdrop_gallery/upload.php script improperly validating uploaded files. This can be exploited to execute arbitrary PHP code by uploading a PHP file with, e.g., an appended ".gif" file extension.

Reference Links:

Original Advisory
Secunia ID 49698
No Current CVE Reference

IMPACT ASSESSMENT:

High

Discussion:

Successful exploitation requires that Apache is not configured to handle the MIME type for media files with, e.g., a ".gif" extension (it is configured to handle this by default). The vulnerability is confirmed in version 6.x-1.5. Other versions may also be affected.

Impact:

System access from remote

Solution:

Restrict access to the sites/all/modules/dragdrop_gallery/upload.php script (e.g. via .htaccess).
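As an added illustration of the file validation the abstract says upload.php lacked (example code written for this page, not the Drag & Drop Gallery module's own), the hypothetical PHP check below refuses multi-extension names such as a PHP file with an appended ".gif", verifies the upload's bytes with finfo, and stores the file under a server-chosen name. It assumes PHP 7.1 or later with the fileinfo extension enabled; the function name and allowed-type table are this example's own choices.

```php
<?php
// Hypothetical hardened upload check; not the dragdrop_gallery module's code.
// The advisory's flaw: a PHP file with an appended ".gif" extension passed
// the module's check and could be executed by Apache. This validator:
//  1. takes the extension from the client name, rejecting extra dots,
//  2. allows only a fixed set of image extensions,
//  3. sniffs the file content with finfo and requires a matching image type,
//  4. stores the file under a random server-chosen name, never the client's.

const ALLOWED_IMAGE_TYPES = [
    'gif'  => 'image/gif',
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
];

/** Returns a safe destination filename, or null if the upload must be rejected. */
function validate_gallery_upload(string $clientName, string $tmpPath): ?string
{
    // Only the last path component matters; normalise Windows separators first.
    $base  = basename(str_replace('\\', '/', $clientName));
    $parts = explode('.', $base);
    // "name.php.gif" has three parts: anything with more than one dot is
    // refused, so Apache's multi-extension handling never decides the outcome.
    if (count($parts) !== 2 || $parts[0] === '') {
        return null;
    }
    $ext = strtolower($parts[1]);
    if (!isset(ALLOWED_IMAGE_TYPES[$ext])) {
        return null;
    }
    // Check the bytes, not the name: PHP source renamed to .gif fails here.
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($detected !== ALLOWED_IMAGE_TYPES[$ext]) {
        return null;
    }
    // Server-chosen name: the client-supplied string never reaches the disk.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed self-test: a minimal real GIF versus PHP source under a .gif name.
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, "GIF89a\x01\x00\x01\x00\x00\x00\x00;");
$php = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($php, "<?php echo 'hello';");
var_dump(validate_gallery_upload('photo.gif', $gif) !== null);     // clean name, real GIF
var_dump(validate_gallery_upload('photo.php.gif', $gif) === null); // appended .gif on a PHP name
var_dump(validate_gallery_upload('photo.gif', $php) === null);     // .gif name, PHP bytes
unlink($gif);
unlink($php);
```

The name check alone is not sufficient on its own, which is why the content sniff and the server-generated filename are kept as independent layers alongside the access restriction given in the Solution.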
