CVE-2009-1446

Name of the Vulnerable Software and Affected Versions Elkagroup Image Gallery version 1.0

Description The issue allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension to the upload.php file, and then accessing it via a direct request to the file in the gallery/pictures/ directory.

Recommendations For Elkagroup Image Gallery version 1.0, consider restricting or disabling the upload.php file to prevent arbitrary code execution until a fix is available. Additionally, restrict access to the gallery/pictures/ directory to minimize the risk of exploitation.