Vulnerabilities > CVE-2007-0082 - Unspecified vulnerability in Imgallery 2.4/2.5

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

imgallery

exploit available

NVD

Published: 2007-01-05

Updated: 2017-10-19

Summary

users_adm/start1.php in IMGallery 2.5 and earlier does not properly handle files with multiple extensions, which allows remote authenticated users to upload and execute arbitrary PHP scripts.

Vulnerable Configurations

Part	Description	Count
Application	Imgallery Imgallery Imgallery 2.4 Imgallery Imgallery 2.5	2

Exploit-Db

description	IMGallery <= 2.5 Create Uploader Script Exploit. CVE-2007-0082. Webapps exploit for php platform
file	exploits/php/webapps/3049.php
id	EDB-ID:3049
last seen	2016-01-31
modified	2006-12-30
platform	php
port
published	2006-12-30
reporter	Kacper
source	https://www.exploit-db.com/download/3049/
title	IMGallery <= 2.5 Create Uploader Script Exploit
type	webapps

Summary

Vulnerable Configurations

Exploit-Db

References