Exploitation Summary
EIP tracks 1 public exploit for EIP-2026-107337. PoCs published by Drew Calcott.
AI-analyzed exploit summary This exploit demonstrates an arbitrary file upload vulnerability in Gallery Server Pro 2.6.1 and prior, allowing attackers to upload malicious files (e.g., ASPX) via a crafted multipart/form-data POST request. The vulnerability leverages path traversal to place the file in a predictable location for remote code execution.
Description
Gallery Server Pro - Arbitrary File Upload
Exploits (1)
This exploit demonstrates an arbitrary file upload vulnerability in Gallery Server Pro 2.6.1 and prior, allowing attackers to upload malicious files (e.g., ASPX) via a crafted multipart/form-data POST request. The vulnerability leverages path traversal to place the file in a predictable location for remote code execution.