2 matches found
CVE-2004-1466
CVE-2004-1466 affects Gallery. Vulnerable in the upload handling where save_photos.php stores uploads in a temporary directory; if that directory is under the webroot, a remote attacker could upload a PHP file and, within a 30‑second window before deletion, execute arbitrary code. The issue is tr...
CVE-2004-1466
The settimelimit function in Gallery before 1.4.4p2 deletes non-image files in a temporary directory every 30 seconds after they have been uploaded using savephotos.php, which allows remote attackers to upload and execute execute arbitrary scripts before they are deleted, if the temporary directo...