CVE-2008-1988

Name of the Vulnerable Software and Affected Versions EncapsGallery version 2.0.2

Description The issue allows remote authenticated administrators to upload and execute arbitrary PHP files. This is achieved by uploading a file with an executable extension to the file upload function in core/misc.class.php, and then accessing it via a direct request to the file in the rwx gallery directory.

Recommendations For EncapsGallery version 2.0.2, consider disabling the file upload function in core/misc.class.php to prevent the upload of arbitrary PHP files until a patch is available. Restrict access to the rwx gallery directory to minimize the risk of exploitation. Avoid using the file upload function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.