MidnightBSD

Advisories for stoverud

CVE-2009-4819 MEDIUM

Multiple unrestricted file upload vulnerabilities in upload.php in PHPhotoalbum allow remote attackers to execute arbitrary code by uploading a file with a (1) .php.pgif or (2) .php.pjpeg double extension, then accessing it via a direct request to the file in albums/userpics/.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
stoverud phphotoalbum 0.3
stoverud phphotoalbum 0.5
stoverud phphotoalbum 0.4