The set_time_limit function in Gallery prior to 1.4.4_p2 deletes non-image files in a temporary directory every 30 seconds after they have been uploaded using save_photos.php, which allows remote malicious users to upload and execute arbitrary scripts before they are deleted, if the temporary directory is under the web root.
Vulnerable Product |
---|
gallery project gallery 1.4.4 |