CVE-2009-1446

Elkagroup Image Gallery 1.0 - Authenticated Arbitrary File Upload via upload.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-1446. PoCs published by Securitylab.ir.

AI-analyzed exploit summary: This is a writeup describing an arbitrary file upload vulnerability in elkagroup Image Gallery v1.0. It provides steps to exploit the vulnerability but does not include actual exploit code.

Description

Unrestricted file upload vulnerability in upload.php in Elkagroup Image Gallery 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in gallery/pictures/. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Securitylab.ir · text · webapps · php
https://www.exploit-db.com/exploits/8514


Classification: Writeup 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: elkagroup Image Gallery v1.0
Auth required
Prerequisites: valid user account · access to upload functionality
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/54115
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8514
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1149
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34679
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25844

Scores

EPSS 0.0288
EPSS Percentile 86.5%

Details

CWE
CWE-20
Status published
Products (1)
elkagroup/image_gallery 1.0
Published Apr 27, 2009
Tracked Since Feb 18, 2026