CVE-2007-5733 Information

Description

Unrestricted file upload vulnerability in upload/upload.php in Japanese PHP Gallery Hosting when Open directory mode is enabled allows remote attackers to upload and execute arbitrary PHP code via a ServerPath parameter specifying a filename with a double extension. NOTE: some of these details are obtained from third party information.

Reference

http://osvdb.org/39015 http://securityreason.com/securityalert/3322 http://www.securityfocus.com/archive/1/482676/100/0/threaded http://www.securityfocus.com/bid/26179