users_adm/start1.php in IMGallery 2.5 and previous versions does not properly handle files with multiple extensions, which allows remote authenticated users to upload and execute arbitrary PHP scripts.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
imgallery imgallery 2.5 |
||
imgallery imgallery 2.4 |