CVE-2012-10052

EGallery 1.2 Arbitrary PHP File Upload

CVSS 9.3 CRITICALEPSS 1.4%CWE-434

EGallery version 1.2 contains an unauthenticated arbitrary file upload vulnerability in the uploadify.php script. The application fails to validate file types or enforce authentication, allowing remote attackers to upload malicious PHP files directly into the web-accessible egallery/ directory. This results in full remote code execution under the web server context.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Productos afectados

EGallery · EGallery

PoCs públicas encontradas — 3

cve_referenceraw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/egallery_upload_exec.rbno verificado cve_referencewww.exploit-db.com/exploits/20029no verificado cve_referenceweb.archive.org/web/20170128123244/http://www.opensyscom.fr/Actualites/egallery-arbitrary-file-upload-vulnerability.htmlno verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/egallery_upload_exec.rb https://sourceforge.net/projects/e-gallery/https://www.exploit-db.com/exploits/20029 https://www.vulncheck.com/advisories/egallery-arbitrary-php-file-upload http://web.archive.org/web/20170128123244/http://www.opensyscom.fr/Actualites/egallery-arbitrary-file-upload-vulnerability.html