Vulnerabilities > David Alkire > Drag Drop Gallery

DATE | CVE | VULNERABILITY TITLE | RISK

2012-11-30 | CVE-2012-4479 | SQL Injection vulnerability in David Alkire Drag & Drop Gallery 6.X1.5 | 7.5
SQL injection vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network | low complexity | david-alkire drupal CWE-89

2012-11-30 | CVE-2012-4478 | Cross-Site Request Forgery (CSRF) vulnerability in David Alkire Drag & Drop Gallery 6.X1.5 | 6.8
Cross-site request forgery (CSRF) vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to hijack the authentication of administrators.

2012-11-30 | CVE-2012-4477 | Permissions, Privileges, and Access Controls vulnerability in David Alkire Drag & Drop Gallery 6.X1.5 | 5.0
Unspecified vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to bypass access restrictions via unknown attack vectors.
network | low complexity | david-alkire drupal CWE-264

2012-11-30 | CVE-2012-4476 | Cross-Site Scripting vulnerability in David Alkire Drag & Drop Gallery 6.X1.5 | 4.3
Cross-site scripting (XSS) vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

2012-11-30 | CVE-2012-4472 | Unspecified vulnerability in David Alkire Drag & Drop Gallery 6.X1.5 | 5.1
Unrestricted file upload vulnerability in upload.php in the Drag & Drop Gallery module 6.x-1.5 and earlier for Drupal allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the directory specified by the filedir parameter.
network | high complexity | david-alkire drupal