PT-2006-4542 · Planetgallery · Planetgallery

Published

2006-07-21

Updated

2018-10-18

CVE-2006-3676

CVSS v2.0

5.1

Medium

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions planetGallery versions prior to 14.07.2006

Description The issue allows remote attackers to execute arbitrary PHP code by uploading files with a double extension and directly accessing the file in the images directory. This bypasses a regular expression check for safe file types.

Recommendations For versions prior to 14.07.2006, consider restricting access to the admin/gallery admin.php file until a fix is available, and avoid uploading files with double extensions to prevent exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-3676

Affected Products

Planetgallery

PT-2006-4542 · Planetgallery · Planetgallery

CVE-2006-3676

Related Identifiers

Affected Products

References · 9