Vulnerabilities > CVE-2009-4819 - Unspecified vulnerability in Stoverud PHPhotoalbum 0.3/0.4/0.5
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN stoverud
exploit available
Summary
Multiple unrestricted file upload vulnerabilities in upload.php in PHPhotoalbum allow remote attackers to execute arbitrary code by uploading a file with a (1) .php.pgif or (2) .php.pjpeg double extension, then accessing it via a direct request to the file in albums/userpics/.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Exploit-Db
| description | PHPhotoalbum Remote File Upload Vulnerability. CVE-2009-4819. Webapps exploit for php platform |
| file | exploits/php/webapps/10584.txt |
| id | EDB-ID:10584 |
| last seen | 2016-02-01 |
| modified | 2009-12-21 |
| platform | php |
| port | |
| published | 2009-12-21 |
| reporter | wlhaan hacker |
| source | https://www.exploit-db.com/download/10584/ |
| title | PHPhotoalbum Remote File Upload Vulnerability |
| type | webapps |