CNNVD-202601-3942 Information

CNNVD ID

CNNVD-202601-3942

CVE-2025-70457

  • CNNVD Published: 2026-01-23

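Description (translated from Chinese)

SourceCodester Modern Image Gallery App is a modern image gallery application open-sourced by SourceCodester. SourceCodester Modern Image Gallery App v1.0 contains a security vulnerability that stems from the gallery/upload.php component failing to properly validate uploaded file content and preserving the user-supplied file extension, which may allow an unauthenticated attacker to upload arbitrary PHP code and fully compromise the system.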

Description (English)

SourceCodester Modern Image Gallery App is a modern image gallery application from SourceCodester. Version 1.0 of SourceCodester Modern Image Gallery App contains a security vulnerability: the gallery/upload.php component does not properly validate the content of uploaded files and retains the file extension supplied by the user. This may allow an unauthenticated attacker to upload arbitrary PHP code and fully compromise the system.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

SourceCodester

Published

2026-01-23

Last Modified

2026-02-24

References

  • https://github.com/ismaildawoodjee/vulnerability-research/security/advisories/GHSA-8xq6-hjhw-4983
  • https://www.sourcecodester.com/php/18572/modern-image-gallery-app-using-php-and-mysql-source-code.html
  • https://access.redhat.com/security/cve/cve-2025-70457
