CVE-2006-4875

Jupiter CMS - Unrestricted File Upload in Gallery Upload Module

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4875. PoCs published by HACKERS PAL.

AI-analyzed exploit summary The provided text describes multiple input-validation vulnerabilities in Jupiter CMSA, including XSS, SQL injection, and arbitrary file upload. It lacks executable exploit code but outlines the attack vectors and potential impacts.

Description

Unrestricted file upload vulnerability in modules/galleryuploadfunction.php in Jupiter CMS allows remote attackers to upload picture files, and possibly files with arbitrary extensions, to gallery/albums/public.

Exploits (1)

exploitdb WRITEUP VERIFIED

by HACKERS PAL · textwebappsphp

https://www.exploit-db.com/exploits/28581

View Code ZIP pw:eip

The provided text describes multiple input-validation vulnerabilities in Jupiter CMSA, including XSS, SQL injection, and arbitrary file upload. It lacks executable exploit code but outlines the attack vectors and potential impacts.

Classification

Writeup 90%

Attack Type

Sqli | Xss | Other

Complexity

Trivial

Reliability

Theoretical

Target: Jupiter CMSA

No auth needed

Prerequisites: Access to the target application's gallery upload function

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/446064/100/0/threaded

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/20048

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/1608

Scores

EPSS 0.0660

EPSS Percentile 93.0%

Details

Status published

Products (1)

jupiter_cms/jupiter_cms

Published Sep 19, 2006

Tracked Since Feb 18, 2026