Description
Multiple unrestricted file upload vulnerabilities in upload.php in PHPhotoalbum allow remote attackers to execute arbitrary code by uploading a file with a (1) .php.pgif or (2) .php.pjpeg double extension, then accessing it via a direct request to the file in albums/userpics/.
Exploits (1)
exploitdb (WRITEUP, VERIFIED) by wlhaan hacker · text · webapps · php
https://www.exploit-db.com/exploits/10584
References (3)
Core References
Exploit (exploit, x_refsource_exploit-db): http://www.exploit-db.com/exploits/10584
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/54958
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/37436
Scores
EPSS: 0.0256
EPSS Percentile: 85.6%
Details
Status: published
Products (3)
stoverud/phphotoalbum 0.3
stoverud/phphotoalbum 0.4
stoverud/phphotoalbum 0.5
Published: Apr 27, 2010
Tracked Since: Feb 18, 2026