CNNVD-202508-784 Information

CNNVD ID

CNNVD-202508-784

Related CVE

CVE-2012-10052

• CNNVD Published: 2025-08-08

Description (Chinese)

EGallery是美国EGallery公司的一个在线艺术画廊。 EGallery 1.2版本存在安全漏洞，该漏洞源于uploadify.php脚本未验证文件类型或身份验证，可能导致任意文件上传和远程代码执行。

Description (English)

EGalery is an online art gallery of EGalery in the United States. There is a security loophole in version 1.2 of Egalery, which stems from the fact that the preloadiffy.php script does not verify the type of document or authentication, which may lead to any document uploading and remote code execution.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

EGallery

Published

2025-08-08

Last Modified

2026-02-24

References

http://www.opensyscom.fr/Actualites/egallery-arbitrary-file-upload-vulnerability.html http://web.archive.org/web/20170128123244/ https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/egallery_upload_exec.rb https://sourceforge.net/projects/e-gallery/ https://www.exploit-db.com/exploits/20029 https://www.vulncheck.com/advisories/egallery-arbitrary-php-file-upload https://access.redhat.com/security/cve/cve-2012-10052