CVE-2007-0082

IMGallery <2.5 - RCE

Title source: llm

Description

users_adm/start1.php in IMGallery 2.5 and earlier does not properly handle files with multiple extensions, which allows remote authenticated users to upload and execute arbitrary PHP scripts.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Kacper · phpwebappsphp

https://www.exploit-db.com/exploits/3049

View Code ZIP pw:eip

References (4)

[Exploit, Vendor Advisory] http://www.securityfocus.com/bid/21827

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/31237

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/3049

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/0010

Scores

EPSS 0.0622

EPSS Percentile 90.9%

Details

Status published

Products (2)

imgallery/imgallery 2.4

imgallery/imgallery 2.5

Published Jan 05, 2007

Tracked Since Feb 18, 2026