CVE-2009-4819

2010-04-27T15:30:00
ID CVE-2009-4819
Type cve
Reporter cve@mitre.org
Modified 2017-08-17T01:31:00

Description

Multiple unrestricted file upload vulnerabilities in upload.php in PHPhotoalbum allow remote attackers to execute arbitrary code by uploading a file with a (1) .php.pgif or (2) .php.pjpeg double extension, then accessing it via a direct request to the file in albums/userpics/.

Per: http://cwe.mitre.org/data/definitions/434.html 'CWE-434: Unrestricted Upload of File with Dangerous Type'