A vulnerability has been reported in the Drag & Drop Gallery module for Drupal, which can be exploited by malicious people to compromise a vulnerable system.
Drupal Drag & Drop Gallery Module 6.x
The vulnerability is caused by the sites/all/modules/dragdrop_gallery/upload.php script not properly validating uploaded files. This can be exploited to execute arbitrary PHP code by uploading a PHP file with, e.g., an appended ".gif" file extension.
Successful exploitation requires that Apache is not configured to handle the MIME type for media files with, e.g., a ".gif" extension (by default, Apache is configured to handle it). The vulnerability is confirmed in version 6.x-1.5. Other versions may also be affected.
System access from remote
Restrict access to the sites/all/modules/dragdrop_gallery/upload.php script (e.g. via .htaccess).
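One way to apply this restriction on Apache, as an added example that is not part of the original advisory: an .htaccess file placed in sites/all/modules/dragdrop_gallery/ that denies every direct request to upload.php on both Apache 2.2 and 2.4. The commented-out address range is a constructed placeholder, not a value from the advisory.

```apache
# .htaccess in sites/all/modules/dragdrop_gallery/ (added example)
# Deny all direct HTTP requests to the vulnerable upload handler.
<Files "upload.php">
    # Apache 2.4 and later (mod_authz_core)
    <IfModule mod_authz_core.c>
        Require all denied
        # Alternative: allow only a trusted admin network instead of
        # denying everyone (constructed placeholder range):
        # Require ip 192.0.2.0/24
    </IfModule>

    # Apache 2.2 (no mod_authz_core)
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>
```

Blocking the script also disables uploads through the module, and the file only takes effect if AllowOverride permits the Limit and AuthConfig directive classes for that directory.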