CVE-2004-1466

2004-12-31T05:00:00
ID CVE-2004-1466
Type cve
Reporter cve@mitre.org
Modified 2017-07-11T01:31:00

Description

The set_time_limit function in Gallery before 1.4.4_p2 deletes non-image files in a temporary directory every 30 seconds after they have been uploaded using save_photos.php, which allows remote attackers to upload and execute execute arbitrary scripts before they are deleted, if the temporary directory is under the web root.