|HIO-2010-0706 InterPhoto Gallery File Upload Vulnerability|
InterPhoto Gallery 2.4.0 interface exhibits vulnerabillities which can be exploited by malicious people to conduct arbitrary file uploads.
The arbitrary file upload vulnerability is caused due to the mydesk.upload.php script allowing the upload of files with arbitrary extensions to /interphoto/templates, /interphoto/languages, and all image folders inside the webroot. Additionally users with upload permissions (default) can upload files with arbitrary extension via mydesk.images.php. This can be exploited to upload arbitrary files inside the webroot and e.g. execute arbitrary PHP code.
|< Prev||Next >|