CVE-2006-3676

2006-07-24T12:19:00
ID CVE-2006-3676
Type cve
Reporter cve@mitre.org
Modified 2018-10-18T16:48:00

Description

admin/gallery_admin.php in planetGallery before 14.07.2006 allows remote attackers to execute arbitrary PHP code by uploading files with a double extension and directly accessing the file in the images directory, which bypasses a regular expression check for safe file types. Successful exploitation requires administrative user privileges. This vulnerability is addressed in the following product release: PlaNet Concept, planetGallery, 14.07.2006