Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Unrestricted file upload vulnerability in upload.php in the Drag & Drop Gallery module 6.x-1.5 and earlier for Drupal allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the directory specified by the filedir parameter.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Drupal Drag & Drop Gallery模块代码注入漏洞
Vulnerability Description
Drupal是Drupal社区所维护的一套用PHP语言开发的免费、开源的内容管理系统。 Drupal平台上的Drag & Drop Gallery模块6.x-1.5以及更早版本的upload.php中存在不受限制的文件上传漏洞。通过上传在安全扩展名后面带有可执行扩展名的文件,并通过发送直接请求到由filedir参数所指定的目录以此访问该文件,远程攻击者可利用该漏洞执行任意PHP代码。
CVSS Information
N/A
Vulnerability Type
N/A