Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
admin/gallery_admin.php in planetGallery before 14.07.2006 allows remote attackers to execute arbitrary PHP code by uploading files with a double extension and directly accessing the file in the images directory, which bypasses a regular expression check for safe file types.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PlanetGallery 'gallery_admin.php'任意文件上传漏洞
Vulnerability Description
PlanetGallery是一个商业PHP脚本,用于发布图库、显示图片描述等。 PlanetGallery在匹配上传文件的名字时存在漏洞,远程攻击者可能利用此漏洞上传可执行的脚本文件从而在服务器上执行任意命令。 PlanetGallery的admin/gallery_admin.php文件中存在错误的正则表达式: 193 $allow_file_types = 'gif|jpg|jpeg|png|bmp'; [...] 197 if (preg_match('#\.'.$allow_file_types.
CVSS Information
N/A
Vulnerability Type
N/A