PT-2026-4533 · Sourcecodester · Modern Image Gallery App

Published: 2026-01-23 · Updated: 2026-01-25 · CVE-2025-70457

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Sourcecodester Modern Image Gallery App version 1.0

Description

A Remote Code Execution (RCE) issue exists in the gallery/upload.php component of the application. The application does not properly validate uploaded file contents and preserves user-supplied file extensions during the save process. This allows an unauthenticated attacker to upload arbitrary PHP code by spoofing the MIME type as an image, potentially leading to full system compromise.

Recommendations

Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict file uploads to known and trusted users only.
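
For anyone reviewing or patching a similar upload handler, the following added example (not the application's code and not the vendor's fix) shows server-side handling that addresses the two failures named in the description: the type is detected from the file bytes rather than the client-supplied MIME type, and the stored extension is chosen by the server. The form field name "image" and the upload directory are assumptions.

```php
<?php
declare(strict_types=1);

// Allowlist: content type detected from the bytes => extension the server assigns.
const ALLOWED_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
    'image/webp' => 'webp',
];

function store_uploaded_image(array $file, string $destDir): string
{
    // Accept only a completed HTTP upload, never an arbitrary path.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }

    // $file['type'] and $file['name'] come from the client and are ignored.
    // Detect the type from the content (requires the fileinfo extension).
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = is_string($mime) ? (ALLOWED_TYPES[$mime] ?? null) : null;
    if ($ext === null) {
        throw new RuntimeException('Not an allowed image type');
    }

    // The file must also parse as an image. A crafted file can still pass
    // both checks, so the server-chosen extension below is what keeps the
    // web server from treating the stored file as PHP.
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('File is not a valid image');
    }

    // Random name plus allowlisted extension; nothing from the client is reused.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], rtrim($destDir, '/') . '/' . $name)) {
        throw new RuntimeException('Could not store file');
    }
    return $name;
}

// Usage (assumed field name and directory):
// $stored = store_uploaded_image($_FILES['image'], __DIR__ . '/uploads');
```

The upload directory should also be configured so the web server does not execute scripts from it.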

Exploit

Fix

RCE

Unrestricted File Upload

Weakness Enumeration

Related identifiers

CVE-2025-70457
GHSA-8XQ6-HJHW-4983

Affected products

Modern Image Gallery App