Skip to main content

CVE-2009-4819

Severity Medium
Score 6.8/10

Summary

Multiple unrestricted file upload vulnerabilities in upload.php in PHPhotoalbum allow remote attackers to execute arbitrary code by uploading a file with a (1) .php.pgif or (2) .php.pjpeg double extension, then accessing it via a direct request to the file in albums/userpics/.

  • MEDIUM
  • NETWORK
  • NONE
  • PARTIAL
  • PARTIAL
  • PARTIAL

References

Advisory Timeline

  • Published