CVE-2006-3608
CVE-2006-3608 · MEDIUM Severity
AV:N/AC:H/AU:S/C:P/I:P/A:P
The Gallery module in Simone Vellei Flatnuke 2.5.7 and earlier, when Gallery uploads are enabled, does not restrict the extensions of uploaded files that begin with a GIF header, which allows remote authenticated users to execute arbitrary PHP code via an uploaded .php file.
Learn more about our User Device Pen Test.