CVE-2004-1466

Name of the Vulnerable Software and Affected Versions: Gallery versions prior to 1.4.4 p2

Description: The issue allows remote attackers to upload and execute arbitrary scripts. This is possible because the set time limit function deletes non-image files in a temporary directory every 30 seconds after they have been uploaded using save photos.php. If the temporary directory is under the web root, attackers can exploit this before the files are deleted.

Recommendations: For versions prior to 1.4.4 p2, update to version 1.4.4 p2 or later to resolve the issue. As a temporary workaround, consider restricting access to the temporary directory or moving it outside of the web root to minimize the risk of exploitation.