CVE-2006-3608
CVE-2006-3608
The Gallery module in Simone Vellei Flatnuke 2.5.7 and earlier, when Gallery uploads are enabled, does not restrict the extensions of uploaded files that begin with a GIF header, which allows remote authenticated users to execute arbitrary PHP code via an uploaded .php file.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/28216unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://retrogod.altervista.org/flatnuke257_adv.htmlhttp://secunia.com/advisories/21051http://securitytracker.com/id?1016499https://exchange.xforce.ibmcloud.com/vulnerabilities/27731http://www.securityfocus.com/archive/1/439975/100/0/threadedhttp://www.securityfocus.com/archive/1/442421/100/0/threadedhttp://www.securityfocus.com/bid/18966