Code injection

2007-01-0511:28:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

89.0%

JSON

users_adm/start1.php in IMGallery 2.5 and earlier does not properly handle files with multiple extensions, which allows remote authenticated users to upload and execute arbitrary PHP scripts.

CPENameOperatorVersion
imgalleryeq2.4
imgalleryeq2.5

CPE	Name	Operator	Version
	imgallery	eq	2.4
	imgallery	eq	2.5

References

www.securityfocus.com/bid/21827

www.vupen.com/english/advisories/2007/0010

exchange.xforce.ibmcloud.com/vulnerabilities/31237

www.exploit-db.com/exploits/3049