Multiple unrestricted file upload vulnerabilities in upload.php in PHPhotoalbum allow remote malicious users to execute arbitrary code by uploading a file with a (1) .php.pgif or (2) .php.pjpeg double extension, then accessing it via a direct request to the file in albums/userpics/.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
stoverud phphotoalbum 0.5 |
||
stoverud phphotoalbum 0.4 |
||
stoverud phphotoalbum 0.3 |