CVE-2008-6084

Name of the Vulnerable Software and Affected Versions Iamma Simple Gallery versions 1.0 through 2.0

Description The issue allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension to the "pages/download.php" endpoint, and then accessing it via a direct request to the file in the uploads directory.

Recommendations For Iamma Simple Gallery versions 1.0 through 2.0, consider restricting or disabling the file upload functionality in the "pages/download.php" endpoint until a patch is available. As a temporary workaround, restrict access to the uploads directory to minimize the risk of exploitation.