CVE-2007-2146

Name of the Vulnerable Software and Affected Versions MiniGal version b13

Description The issue allows remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the name or email parameter in the imagecomments function in classes.php.

Recommendations For MiniGal version b13, consider restricting access to the imagecomments function in classes.php to minimize the risk of exploitation. As a temporary workaround, avoid using the name and email parameters in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.